From 9b4103357c3dabf8fe968ec87aa1c15b0f0ada87 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 3 Jun 2019 19:00:54 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/14xxx/CVE-2017-14728.json | 58 ++++++++++++++- 2017/14xxx/CVE-2017-14850.json | 58 ++++++++++++++- 2017/14xxx/CVE-2017-14851.json | 58 ++++++++++++++- 2017/14xxx/CVE-2017-14852.json | 58 ++++++++++++++- 2017/14xxx/CVE-2017-14853.json | 58 ++++++++++++++- 2018/18xxx/CVE-2018-18356.json | 5 ++ 2018/18xxx/CVE-2018-18509.json | 5 ++ 2018/5xxx/CVE-2018-5404.json | 7 +- 2018/5xxx/CVE-2018-5405.json | 8 +- 2018/5xxx/CVE-2018-5406.json | 4 +- 2019/10xxx/CVE-2019-10144.json | 9 ++- 2019/10xxx/CVE-2019-10145.json | 9 ++- 2019/10xxx/CVE-2019-10147.json | 13 ++-- 2019/12xxx/CVE-2019-12310.json | 61 +++++++++++++-- 2019/3xxx/CVE-2019-3567.json | 2 +- 2019/3xxx/CVE-2019-3846.json | 9 ++- 2019/3xxx/CVE-2019-3895.json | 5 +- 2019/6xxx/CVE-2019-6736.json | 122 +++++++++++++++--------------- 2019/6xxx/CVE-2019-6737.json | 122 +++++++++++++++--------------- 2019/6xxx/CVE-2019-6738.json | 122 +++++++++++++++--------------- 2019/6xxx/CVE-2019-6739.json | 124 ++++++++++++++++--------------- 2019/6xxx/CVE-2019-6740.json | 124 ++++++++++++++++--------------- 2019/6xxx/CVE-2019-6741.json | 122 +++++++++++++++--------------- 2019/6xxx/CVE-2019-6742.json | 122 +++++++++++++++--------------- 2019/6xxx/CVE-2019-6743.json | 124 ++++++++++++++++--------------- 2019/6xxx/CVE-2019-6746.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6747.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6748.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6749.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6750.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6751.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6752.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6753.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6754.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6755.json | 130 
++++++++++++++++---------------- 2019/6xxx/CVE-2019-6756.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6757.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6758.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6759.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6760.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6761.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6762.json | 132 +++++++++++++++++---------------- 2019/6xxx/CVE-2019-6763.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6764.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6765.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6766.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6767.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6768.json | 132 +++++++++++++++++---------------- 2019/6xxx/CVE-2019-6769.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6770.json | 132 +++++++++++++++++---------------- 2019/6xxx/CVE-2019-6771.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6772.json | 130 ++++++++++++++++---------------- 2019/6xxx/CVE-2019-6773.json | 130 ++++++++++++++++---------------- 2019/9xxx/CVE-2019-9753.json | 62 +++++++++++++++- 2019/9xxx/CVE-2019-9882.json | 10 ++- 2019/9xxx/CVE-2019-9883.json | 10 ++- 56 files changed, 2834 insertions(+), 2303 deletions(-) diff --git a/2017/14xxx/CVE-2017-14728.json b/2017/14xxx/CVE-2017-14728.json index 88b2962b40d..53640cc1fce 100644 --- a/2017/14xxx/CVE-2017-14728.json +++ b/2017/14xxx/CVE-2017-14728.json 
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2017-14728",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.orpak.com/allproducts/siteomat-station-controller-sw/",
+ "refsource": "MISC",
+ "name": "http://www.orpak.com/allproducts/siteomat-station-controller-sw/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
+ },
+ {
+ "refsource": "BID",
+ "name": "108167",
+ "url": "http://www.securityfocus.com/bid/108167"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14850.json b/2017/14xxx/CVE-2017-14850.json
index 06bb4e5705c..958d35845aa 100644
--- a/2017/14xxx/CVE-2017-14850.json
+++ b/2017/14xxx/CVE-2017-14850.json
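Review bot: The added `affects` block in CVE-2017-14728.json sets `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, while the description added in the next hunk of the same file names SiteOmat and the only vendor reference points at orpak.com. Tooling that matches records on the structured vendor and product fields will not tie this record to the product. If the vendor is indeed Orpak, prefer `"vendor_name": "Orpak"` and `"product_name": "SiteOmat"`. The same placeholder block is added for CVE-2017-14850, CVE-2017-14851, CVE-2017-14852 and CVE-2017-14853 (two of which state a 2017-09-25 cut-off that could be recorded as the version bound) and for CVE-2019-12310, whose description names ExaGrid firmware v4.8.1.1044.P50.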
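Review bot: `problemtype` is published as `"value": "n/a"` in the second hunk of CVE-2017-14728.json even though the new description states the weakness class (authentication bypass), so the record cannot be filtered or triaged by weakness. A CWE label would fit, for example `"value": "CWE-287: Improper Authentication"` if that matches the assigner's analysis. The description also bounds the affected range with "prior to the submission of this exploit", which gives a reader no version or date to check against, and its second sentence (administrators not forced to change passwords) reads as a separate weakness. The same `n/a` problemtype is added for CVE-2017-14850 (stored XSS), CVE-2017-14851 (SQL injection), CVE-2017-14852, CVE-2017-14853 (shell command injection) and CVE-2019-12310 (directory traversal).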
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2017-14850",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.orpak.com",
+ "refsource": "MISC",
+ "name": "https://www.orpak.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
+ },
+ {
+ "refsource": "BID",
+ "name": "108167",
+ "url": "http://www.securityfocus.com/bid/108167"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14851.json b/2017/14xxx/CVE-2017-14851.json
index b8719b2bb0a..1779e029c80 100644
--- a/2017/14xxx/CVE-2017-14851.json
+++ b/2017/14xxx/CVE-2017-14851.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2017-14851",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.orpak.com",
+ "refsource": "MISC",
+ "name": "https://www.orpak.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
+ },
+ {
+ "refsource": "BID",
+ "name": "108167",
+ "url": "http://www.securityfocus.com/bid/108167"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14852.json b/2017/14xxx/CVE-2017-14852.json
index ff8b0be03f0..6a945902a25 100644
--- a/2017/14xxx/CVE-2017-14852.json
+++ b/2017/14xxx/CVE-2017-14852.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2017-14852",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.orpak.com",
+ "refsource": "MISC",
+ "name": "http://www.orpak.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
+ },
+ {
+ "refsource": "BID",
+ "name": "108167",
+ "url": "http://www.securityfocus.com/bid/108167"
 }
 ]
 }
diff --git a/2017/14xxx/CVE-2017-14853.json b/2017/14xxx/CVE-2017-14853.json
index a24c6fe34f0..af8d8b61b3d 100644
--- a/2017/14xxx/CVE-2017-14853.json
+++ b/2017/14xxx/CVE-2017-14853.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2017-14853",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.orpak.com",
+ "refsource": "MISC",
+ "name": "https://www.orpak.com"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01"
+ },
+ {
+ "refsource": "BID",
+ "name": "108167",
+ "url": "http://www.securityfocus.com/bid/108167"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18356.json b/2018/18xxx/CVE-2018-18356.json
index b56011953db..0af6155c5e1 100644
--- a/2018/18xxx/CVE-2018-18356.json
+++ b/2018/18xxx/CVE-2018-18356.json
@@ -132,6 +132,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1162",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00043.html"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1144",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1144"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18509.json b/2018/18xxx/CVE-2018-18509.json
index 8cd84eaf2aa..75804c471c0 100644
--- a/2018/18xxx/CVE-2018-18509.json
+++ b/2018/18xxx/CVE-2018-18509.json
@@ -32,6 +32,11 @@
 "name": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html",
 "url": "http://packetstormsecurity.com/files/152703/Johnny-You-Are-Fired.html"
 },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:1144",
+ "url": "https://access.redhat.com/errata/RHSA-2019:1144"
+ },
 {
 "refsource": "MISC",
 "name": "https://github.com/RUB-NDS/Johnny-You-Are-Fired",
diff --git a/2018/5xxx/CVE-2018-5404.json b/2018/5xxx/CVE-2018-5404.json
index 2487baa3f0e..56e8c9d8257 100644
--- a/2018/5xxx/CVE-2018-5404.json
+++ b/2018/5xxx/CVE-2018-5404.json
@@ -1,9 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "CERT@CERT.ORG",
+ "ASSIGNER": "cert@cert.org",
 "ID": "CVE-2018-5404",
- "STATE": "PUBLIC"
-,
+ "STATE": "PUBLIC",
 "TITLE": "The Quest Kace K1000 Appliance is vulnerable to multiple Blind SQL Injections."
 },
 "affects": {
@@ -44,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. \nAn authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data. " + "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated, remote attacker with least privileges ('User Console Only' role) to potentially exploit multiple Blind SQL Injection vulnerabilities to retrieve sensitive information from the database or copy the entire database. An authenticated remote attacker could leverage Blind SQL injections to obtain sensitive data." } ] }, diff --git a/2018/5xxx/CVE-2018-5405.json b/2018/5xxx/CVE-2018-5405.json index e7e52298469..9fe5d8cb33b 100644 --- a/2018/5xxx/CVE-2018-5405.json +++ b/2018/5xxx/CVE-2018-5405.json @@ -1,10 +1,10 @@ { "CVE_data_meta": { - "ASSIGNER": "CERT@CERT.ORG", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2018-5405", "STATE": "PUBLIC", "TITLE": "The Quest Kace K1000 Appliance is vulnerable to JavaScript injection." - }, + }, "affects": { "vendor": { "vendor_data": [ 
@@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user.\nAn authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator." + "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of other users including Administrator and take over their session. This can further be exploited to launch other attacks. The software also does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other user. An authenticated user with 'user console only' rights may inject arbitrary JavaScript, which could result in an attacker taking over a session of others, including an Administrator." } ] }, 
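Review bot: The rewritten `value` for CVE-2018-5405 still states the same thing twice in a row: "The software also does not neutralize or incorrectly neutralizes user-controllable input ... served to other users." is immediately followed by "The software does not neutralize or incorrectly neutralizes ... served to other user." Since this hunk already normalises the string by replacing the `\n` with a space, the second copy could be dropped in the same pass so the description makes each point once.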
@@ -79,4 +79,4 @@
 "source": {
 "discovery": "UNKNOWN"
 }
-}
+}
\ No newline at end of file
diff --git a/2018/5xxx/CVE-2018-5406.json b/2018/5xxx/CVE-2018-5406.json
index 2890c0eae17..823e362c11d 100644
--- a/2018/5xxx/CVE-2018-5406.json
+++ b/2018/5xxx/CVE-2018-5406.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "CERT@CERT.ORG",
+ "ASSIGNER": "cert@cert.org",
 "ID": "CVE-2018-5406",
 "STATE": "PUBLIC",
 "TITLE": "The Quest Kace K1000 Appliance misconfigures the Cross-Origin Resource Sharing (CORS) mechanism."
@@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. \nAn unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings.\n" + "value": "The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance\u2019s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance\u2019s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings." } ] }, diff --git a/2019/10xxx/CVE-2019-10144.json b/2019/10xxx/CVE-2019-10144.json index c8514a51a90..071623b064a 100644 --- a/2019/10xxx/CVE-2019-10144.json +++ b/2019/10xxx/CVE-2019-10144.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10144", - "ASSIGNER": "sfowler@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { 
@@ -44,7 +45,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
+ "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/",
+ "refsource": "MISC",
+ "name": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10144",
@@ -71,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10145.json b/2019/10xxx/CVE-2019-10145.json
index 067db79e244..9d6f64e0be8 100644
--- a/2019/10xxx/CVE-2019-10145.json
+++ b/2019/10xxx/CVE-2019-10145.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10145",
- "ASSIGNER": "sfowler@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -49,7 +50,9 @@
 "refsource": "CONFIRM"
 },
 {
- "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
+ "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/",
+ "refsource": "MISC",
+ "name": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
 }
 ]
 },
@@ -71,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/10xxx/CVE-2019-10147.json b/2019/10xxx/CVE-2019-10147.json
index c2c75ddb36d..d02d5fd666c 100644
--- a/2019/10xxx/CVE-2019-10147.json
+++ b/2019/10xxx/CVE-2019-10147.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10147",
- "ASSIGNER": "sfowler@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -43,13 +44,15 @@
 },
 "references": {
 "reference_data": [
+ {
+ "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/",
+ "refsource": "MISC",
+ "name": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
+ },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10147",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10147",
 "refsource": "CONFIRM"
- },
- {
- "url": "https://www.twistlock.com/labs-blog/breaking-out-of-coresos-rkt-3-new-cves/"
 }
 ]
 },
@@ -71,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12310.json b/2019/12xxx/CVE-2019-12310.json
index b715b2d4810..4ecee52747d 100644
--- a/2019/12xxx/CVE-2019-12310.json
+++ b/2019/12xxx/CVE-2019-12310.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12310",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12310",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ExaGrid appliances with firmware version v4.8.1.1044.P50 have a /monitor/data/Upgrade/ directory traversal vulnerability, which allows remote attackers to view and retrieve verbose logging information. Files within this directory were observed to contain sensitive run-time information, including Base64 encoded 'support' credentials, leading to administrative access of the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://exagrid.com/exagrid-products/resources/",
+ "refsource": "MISC",
+ "name": "https://exagrid.com/exagrid-products/resources/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/",
+ "url": "https://www.inquisitllc.com/exagrid-directory-traversal-vulnerability-to-support-credential-extraction/"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3567.json b/2019/3xxx/CVE-2019-3567.json
index 94d34990f5d..925ea9141e3 100644
--- a/2019/3xxx/CVE-2019-3567.json
+++ b/2019/3xxx/CVE-2019-3567.json
@@ -65,4 +65,4 @@
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3846.json b/2019/3xxx/CVE-2019-3846.json
index ddb6ffda208..2a8e318db55 100644
--- a/2019/3xxx/CVE-2019-3846.json
+++ b/2019/3xxx/CVE-2019-3846.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3846",
- "ASSIGNER": "mrehak@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -44,7 +45,9 @@
 "references": {
 "reference_data": [
 {
- "url": "https://seclists.org/oss-sec/2019/q2/133"
+ "url": "https://seclists.org/oss-sec/2019/q2/133",
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2019/q2/133"
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3846",
@@ -71,4 +74,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3895.json b/2019/3xxx/CVE-2019-3895.json
index 7f81d28d0b0..37d7528d1f8 100644
--- a/2019/3xxx/CVE-2019-3895.json
+++ b/2019/3xxx/CVE-2019-3895.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3895",
- "ASSIGNER": "mrehak@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -68,4 +69,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6736.json b/2019/6xxx/CVE-2019-6736.json
index 9d3743d1e02..e456259e0bc 100644
--- a/2019/6xxx/CVE-2019-6736.json
+++ b/2019/6xxx/CVE-2019-6736.json
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6736", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SafePay", - "version": { - "version_data": [ - { - "version_value": "23.0.10.34" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SafePay", + "version": { + "version_data": [ + { + "version_value": "23.0.10.34" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" } - } ] - }, - "vendor_name": "Bitdefender" } - ] - } - }, - "credit": "Juho Nurminen", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7234." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" - } + }, + "credit": "Juho Nurminen", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of tiscript. When processing the System.Exec method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7234." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6737.json b/2019/6xxx/CVE-2019-6737.json index 58feb013bdb..cb6e7cf2879 100644 --- a/2019/6xxx/CVE-2019-6737.json +++ b/2019/6xxx/CVE-2019-6737.json 
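Review bot: The `problemtype` value carried on the new side of CVE-2019-6736.json, `CWE-356: Product UI does not Warn User of Unsafe Actions`, does not obviously match the description in the same record, which says a user-supplied string is used to execute a system call without proper validation in the System.Exec method. That reads closer to a command-injection class such as CWE-78 (OS Command Injection). If CWE-356 is what the assigner intends, it is worth confirming against the referenced ZDI-19-157 advisory, because weakness-based triage will otherwise file a remote code execution issue under a UI warning problem. CVE-2019-6737 (arbitrary file write through openFile) and CVE-2019-6738 (unvalidated string in the launch method) carry the same CWE-356 value.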
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6737", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SafePay", - "version": { - "version_data": [ - { - "version_value": "23.0.10.34" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SafePay", + "version": { + "version_data": [ + { + "version_value": "23.0.10.34" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" } - } ] - }, - "vendor_name": "Bitdefender" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process.\n Was ZDI-CAN-7247." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. The issue lies in the handling of the openFile method, which allows for an arbitrary file write with attacker controlled data. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7247." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6738.json b/2019/6xxx/CVE-2019-6738.json index 703705cc966..f6786ebfdb0 100644 --- a/2019/6xxx/CVE-2019-6738.json +++ b/2019/6xxx/CVE-2019-6738.json 
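Review bot: The new description for CVE-2019-6737 reads "An attacker can leverage this vulnerability execute code in the context of the current process", with "to" missing before "execute". This hunk already rewrites the string to drop the `\n` sequences, so the wording could be corrected in the same pass. The description in CVE-2019-6738 contains the same sentence.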
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6738", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "SafePay", - "version": { - "version_data": [ - { - "version_value": "23.0.10.34" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SafePay", + "version": { + "version_data": [ + { + "version_value": "23.0.10.34" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" } - } ] - }, - "vendor_name": "Bitdefender" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability execute code in the context of the current process.\n Was ZDI-CAN-7250." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender SafePay 23.0.10.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of TIScript. When processing the launch method the application does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability execute code in the context of the current process. Was ZDI-CAN-7250." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-356: Product UI does not Warn User of Unsafe Actions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6739.json b/2019/6xxx/CVE-2019-6739.json index dddcdd2b169..f37f287b6aa 100644 --- a/2019/6xxx/CVE-2019-6739.json +++ b/2019/6xxx/CVE-2019-6739.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6739", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Antimalware", - "version": { - "version_data": [ - { - "version_value": "3.6.1.2711" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Antimalware", + "version": { + "version_data": [ + { + "version_value": "3.6.1.2711" + } + ] + } + } + ] + }, + "vendor_name": "Malwarebytes" } - } ] - }, - "vendor_name": "Malwarebytes" } - ] - } - }, - "credit": "rgod of 9sg Security Team - rgod@9sgsec.com", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.\n\nThere is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity.\n Was ZDI-CAN-7162." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" - } + }, + "credit": "rgod of 9sg Security Team - rgod@9sgsec.com", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Malwarebytes Antimalware 3.6.1.2711. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. There is an issue with the way the product handles URIs within certain schemes. The product does not warn the user that a dangerous navigation is about to take place. Because special characters in the URI are not sanitized, this could lead to the execution of arbitrary commands. An attacker can leverage this vulnerability to execute code in the context of the current user at medium integrity. Was ZDI-CAN-7162." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-223/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-223/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-223/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file 
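Review bot: The last line changes from a newline-terminated `}` to `}` with `\ No newline at end of file`, so this sync strips the trailing newline the file had; the CVE-2019-6740 and CVE-2019-6743 hunks do the same. Keeping the final `}` newline-terminated avoids a spurious last-line change the next time a field is appended. It also keeps line-oriented tools and concatenation of records well behaved. If the generator always writes without a final newline, that is better fixed in the serializer than record by record.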
diff --git a/2019/6xxx/CVE-2019-6740.json b/2019/6xxx/CVE-2019-6740.json
index a482c4483cb..44f51fc22ab 100644
--- a/2019/6xxx/CVE-2019-6740.json
+++ b/2019/6xxx/CVE-2019-6740.json
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6740", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Galaxy S9", - "version": { - "version_data": [ - { - "version_value": "prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Galaxy S9", + "version": { + "version_data": [ + { + "version_value": "prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" } - } ] - }, - "vendor_name": "Samsung" } - ] - } - }, - "credit": "fluoroacetate", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7472." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-122: Heap-based Buffer Overflow" - } + }, + "credit": "fluoroacetate", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-253/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6741.json b/2019/6xxx/CVE-2019-6741.json index 529edc0c854..373498b8d8f 100644 --- a/2019/6xxx/CVE-2019-6741.json +++ b/2019/6xxx/CVE-2019-6741.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6741", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Galaxy S9", - "version": { - "version_data": [ - { - "version_value": "prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467)" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Galaxy S9", + "version": { + "version_data": [ + { + "version_value": "prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" } - } ] - }, - "vendor_name": "Samsung" } - ] - } - }, - "credit": "MWR Labs - Georgi Geshev and Robert Miller", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network.\n\nThe specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7476." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" - } + }, + "credit": "MWR Labs - Georgi Geshev and Robert Miller", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-254/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-254/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-254/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6742.json b/2019/6xxx/CVE-2019-6742.json index 304b300f82f..41d7cd0423d 100644 --- a/2019/6xxx/CVE-2019-6742.json +++ b/2019/6xxx/CVE-2019-6742.json 
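Review bot: The description says remote attackers can execute arbitrary code, but the record's own `problemtype` is `CWE-601: URL Redirection to Untrusted Site ('Open Redirect')` and the vector ends in `C:H/I:N/A:N`, which scores a confidentiality impact only. The three fields give different answers about severity, and the sync carries all of them over unchanged. Consumers that prioritise on the free text will rate this entry higher than the vector does. Either the description should state the impact the vector scores or the vector should be corrected, whichever the ZDI-19-254 advisory supports.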
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6742", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Galaxy S9", - "version": { - "version_data": [ - { - "version_value": "prior to 1.4.20.2" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Galaxy S9", + "version": { + "version_data": [ + { + "version_value": "prior to 1.4.20.2" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" } - } ] - }, - "vendor_name": "Samsung" } - ] - } - }, - "credit": "MWR Labs - Georgi Geshev and Robert Miller", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7477." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-358: Improperly Implemented Security Check for Standard" - } + }, + "credit": "MWR Labs - Georgi Geshev and Robert Miller", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. 
The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-255/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358: Improperly Implemented Security Check for Standard" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-255/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-255/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6743.json b/2019/6xxx/CVE-2019-6743.json index 6ee9d135226..33a56d3f68d 100644 --- a/2019/6xxx/CVE-2019-6743.json +++ b/2019/6xxx/CVE-2019-6743.json 
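Review bot: `product_name` is `Galaxy S9` while `version_value` is `prior to 1.4.20.2`, which looks like an application version rather than a device or firmware release; the description places the flaw in the GameServiceReceiver update mechanism. If the version belongs to that component, matching this record against an asset inventory by product and version will be unreliable. The affected component presumably belongs in `product_name`, to be confirmed against ZDI-19-255.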
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6743", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Browser", - "version": { - "version_data": [ - { - "version_value": "prior to 10.4.0" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6743", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Browser", + "version": { + "version_data": [ + { + "version_value": "prior to 10.4.0" + } + ] + } + } + ] + }, + "vendor_name": "Xiaomi" } - } ] - }, - "vendor_name": "Xiaomi" } - ] - } - }, - "credit": "fluoroacetate", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7466." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "fluoroacetate", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-366/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6746.json b/2019/6xxx/CVE-2019-6746.json index 0ed8381ea77..4c961477e0c 100644 --- a/2019/6xxx/CVE-2019-6746.json +++ b/2019/6xxx/CVE-2019-6746.json 
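Review bot: The vector uses `AV:L` although the description speaks of remote attackers and a target who visits a malicious page, which would normally be scored as a network attack vector. A filter on `AV:N` would therefore drop this browser code-execution record. `product_name` is also just `Browser`, while the description names `Xiaomi Mi6 Browser`, so product matching depends on the vendor field alone. Both values predate this sync and need the assigner to confirm them.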
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6746", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-7634." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7634." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-370/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-370/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-370/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at 
end of file diff --git a/2019/6xxx/CVE-2019-6747.json b/2019/6xxx/CVE-2019-6747.json index 8a7d9418f67..3221c2bea3f 100644 --- a/2019/6xxx/CVE-2019-6747.json +++ b/2019/6xxx/CVE-2019-6747.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6747", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7636." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7636." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-371/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-371/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-371/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6748.json b/2019/6xxx/CVE-2019-6748.json
index a8a73e86b46..1d2a9a11480 100644
--- a/2019/6xxx/CVE-2019-6748.json
+++ b/2019/6xxx/CVE-2019-6748.json
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6748", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7637." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7637." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-372/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-372/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-372/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6749.json b/2019/6xxx/CVE-2019-6749.json
index 6448d72b4f2..9a8eae25bf8 100644
--- a/2019/6xxx/CVE-2019-6749.json
+++ b/2019/6xxx/CVE-2019-6749.json
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6749", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZIX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7638." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7638." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-373/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-373/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-373/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file 
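Review bot: In the `version_data` entry of CVE-2019-6749 the new side still carries only `"version_value": "3.6.6"` with no `version_affected` operator, so a consumer cannot tell whether the record means exactly 3.6.6 or 3.6.6 and earlier. If the ZDI advisory supports it, add the operator next to the value, e.g. `"version_affected": "<="`; without it, tools that match on equality may report other builds as unaffected. The same gap is visible in the other Foxit records in this range (CVE-2019-6750 through CVE-2019-6758). The version strings are also not normalised across them (`3.6.6` vs `3.6.6.779`, `9.3.10826` vs `9.3.0.10826`), which makes automated matching against an inventory less reliable.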
diff --git a/2019/6xxx/CVE-2019-6750.json b/2019/6xxx/CVE-2019-6750.json index 449e6b0f8a2..83db46b8aeb 100644 --- a/2019/6xxx/CVE-2019-6750.json +++ b/2019/6xxx/CVE-2019-6750.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6750", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6750", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7639." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-374/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-374/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-374/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6751.json b/2019/6xxx/CVE-2019-6751.json index 4dbf0a6a639..dbf4425f843 100644 --- a/2019/6xxx/CVE-2019-6751.json +++ b/2019/6xxx/CVE-2019-6751.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6751", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.779" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6751", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.779" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7632." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7632." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-375/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-375/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-375/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6752.json b/2019/6xxx/CVE-2019-6752.json index cd12bdc24ea..903a240340d 100644 --- a/2019/6xxx/CVE-2019-6752.json +++ b/2019/6xxx/CVE-2019-6752.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6752", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.3.10826" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6752", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.3.10826" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "T3rmin4t0r", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "T3rmin4t0r", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF documents. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7620." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-426/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-426/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-426/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6753.json b/2019/6xxx/CVE-2019-6753.json index 00987b96a3e..fd7a307b330 100644 --- a/2019/6xxx/CVE-2019-6753.json +++ b/2019/6xxx/CVE-2019-6753.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6753", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.3.0.10826" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.3.0.10826" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Anonymous", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-7561." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-190: Integer Overflow or Wraparound" - } + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.3.0.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Stuff method. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7561." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-427/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-190: Integer Overflow or Wraparound" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-427/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-427/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of 
file diff --git a/2019/6xxx/CVE-2019-6754.json b/2019/6xxx/CVE-2019-6754.json index a0690433a57..af9cf5d1914 100644 --- a/2019/6xxx/CVE-2019-6754.json +++ b/2019/6xxx/CVE-2019-6754.json 
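Review bot: In CVE-2019-6753 the description, the CWE and the CVSS vector do not describe the same impact. The text reports an integer overflow "before writing to memory" (CWE-190), while the headline is information disclosure and the vector is `C:L/I:N/A:N`. A memory write after an overflow would normally carry an integrity or availability impact, so either the vector or the wording looks off; it should be checked against ZDI-19-427 rather than carried through the sync unchanged. The `version_value` here is `9.3.0.10826`, whereas CVE-2019-6754 gives `9.3.10826` for the same product, which may be one build written two ways.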
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6754", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.3.10826" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6754", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.3.10826" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Steven Seeley (mr_me) of Source Incite", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7407." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" - } + }, + "credit": "Steven Seeley (mr_me) of Source Incite", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the localFileStorage method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7407." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-428/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-428/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-428/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", 
+ "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6755.json b/2019/6xxx/CVE-2019-6755.json index 0f6e008850e..921a7faaaa6 100644 --- a/2019/6xxx/CVE-2019-6755.json +++ b/2019/6xxx/CVE-2019-6755.json 
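Review bot: The vector in CVE-2019-6754 sets `PR:L`, but the description states no privilege precondition. It uses the same "remote attackers ... target must visit a malicious page or open a malicious file" wording as the sibling Foxit records, which all use `PR:N`. For a flaw where an unvalidated path reaches file operations and leads to code execution, this field changes the base score that triage tools compute, so it should be confirmed against ZDI-19-428. If `PR:L` is intended, one sentence in `description_data` naming the required privilege would make the record self-consistent.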
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6755", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.3.10826" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.3.10826" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Hao Li from ADLab of VenusTech", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Hao Li from ADLab of VenusTech", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-429/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-429/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-429/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6756.json b/2019/6xxx/CVE-2019-6756.json index 91a72d05bba..e2b657fd230 100644 --- a/2019/6xxx/CVE-2019-6756.json +++ b/2019/6xxx/CVE-2019-6756.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6756", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.4.0.16811" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6756", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.4.0.16811" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HTML files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7769." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-430/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-430/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-430/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6757.json b/2019/6xxx/CVE-2019-6757.json index 8b8c824aa92..64e6ff365e5 100644 --- a/2019/6xxx/CVE-2019-6757.json +++ b/2019/6xxx/CVE-2019-6757.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6757", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.16811" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6757", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.16811" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Hao Li from ADLab of VenusTech", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Hao Li from ADLab of VenusTech", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7696." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-431/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-431/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-431/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6758.json b/2019/6xxx/CVE-2019-6758.json index 79c93b63aba..06be98daad2 100644 --- a/2019/6xxx/CVE-2019-6758.json +++ b/2019/6xxx/CVE-2019-6758.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6758", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.16811" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6758", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.16811" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Hao Li from ADLab of VenusTech", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Hao Li from ADLab of VenusTech", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-7701." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-432/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-432/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-432/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6759.json b/2019/6xxx/CVE-2019-6759.json
index 2a3736b64a7..d91b52f207b 100644
--- a/2019/6xxx/CVE-2019-6759.json
+++ b/2019/6xxx/CVE-2019-6759.json
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6759", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.3.10826" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6759", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.3.10826" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Hao Li from ADLab of VenusTech", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7614." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Hao Li from ADLab of VenusTech", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7614." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-433/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-433/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-433/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6760.json b/2019/6xxx/CVE-2019-6760.json index 8fdef960d88..076bb395846 100644 --- a/2019/6xxx/CVE-2019-6760.json +++ b/2019/6xxx/CVE-2019-6760.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6760", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.16811" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.16811" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Hao Li from ADLab of VenusTech", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Hao Li from ADLab of VenusTech", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-434/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-434/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-434/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6761.json b/2019/6xxx/CVE-2019-6761.json index 1086905d1a6..15ad9e31e8e 100644 --- a/2019/6xxx/CVE-2019-6761.json +++ b/2019/6xxx/CVE-2019-6761.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6761", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.0.16811" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.0.16811" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "juggernaut", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7777." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "juggernaut", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.0.16811. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XFA CXFA_FFDocView object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7777." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-435/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-435/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-435/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6762.json b/2019/6xxx/CVE-2019-6762.json index 3b23ba315d7..1d183ca675b 100644 --- a/2019/6xxx/CVE-2019-6762.json +++ b/2019/6xxx/CVE-2019-6762.json 
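Review bot: `"version_value": "9.4.0.16811"` in this record is written with four components, while the CVE-2019-6757, CVE-2019-6758 and CVE-2019-6760 records in the same commit give `"9.4.16811"`. A scanner that matches `version_value` as an exact string will treat these as two different releases. Whether both strings name the same Foxit Reader build is not visible here, so check the vendor bulletin before changing either value. If they are the same build, one spelling should be used in `version_value` and in the description text of all four records.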
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6762", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "kdot", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7844." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "kdot", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7844." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-436/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-436/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-436/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6763.json b/2019/6xxx/CVE-2019-6763.json index ae7214a05d7..60a751c879b 100644 --- a/2019/6xxx/CVE-2019-6763.json +++ b/2019/6xxx/CVE-2019-6763.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6763", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6763", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "@j00sean (https://twitter.com/j00sean)", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7874." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "@j00sean (https://twitter.com/j00sean)", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ToggleFormsDesign method of the Foxit.FoxitReader.Ctl ActiveX object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7874." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-437/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-437/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-437/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6764.json b/2019/6xxx/CVE-2019-6764.json
index da5306d017e..44ef926c5d7 100644
--- a/2019/6xxx/CVE-2019-6764.json
+++ b/2019/6xxx/CVE-2019-6764.json
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6764", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6764", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hungtt28 of Viettel Cyber Security", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-7972." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "hungtt28 of Viettel Cyber Security", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7972." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-438/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-438/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-438/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6765.json b/2019/6xxx/CVE-2019-6765.json
index 66c8a732246..abbe2a6d910 100644
--- a/2019/6xxx/CVE-2019-6765.json
+++ b/2019/6xxx/CVE-2019-6765.json
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6765", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8170." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.4.1.16828. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of HTML files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8170." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-439/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-439/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-439/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6766.json b/2019/6xxx/CVE-2019-6766.json index 3e4332a0009..b236507b7c0 100644 --- a/2019/6xxx/CVE-2019-6766.json +++ b/2019/6xxx/CVE-2019-6766.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6766", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hemidallt", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8162." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "hemidallt", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8162." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-440/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-440/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-440/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6767.json b/2019/6xxx/CVE-2019-6767.json index 913c66c1c1a..f3d8e298621 100644 --- a/2019/6xxx/CVE-2019-6767.json +++ b/2019/6xxx/CVE-2019-6767.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6767", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hemidallt", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8163." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "hemidallt", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8163." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-441/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-441/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-441/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6768.json b/2019/6xxx/CVE-2019-6768.json index 695603891b0..c63708499ad 100644 --- a/2019/6xxx/CVE-2019-6768.json +++ b/2019/6xxx/CVE-2019-6768.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6768", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hemidallt", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8164." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "hemidallt", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8164." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-442/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-442/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-442/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6769.json b/2019/6xxx/CVE-2019-6769.json index d100551e56a..776a8a1ea71 100644 --- a/2019/6xxx/CVE-2019-6769.json +++ b/2019/6xxx/CVE-2019-6769.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6769", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hemidallt", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.\n Was ZDI-CAN-8165." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "hemidallt", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8165." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-443/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-443/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-443/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6770.json b/2019/6xxx/CVE-2019-6770.json index 6e75b2fac1c..51f285935f6 100644 --- a/2019/6xxx/CVE-2019-6770.json +++ b/2019/6xxx/CVE-2019-6770.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6770", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hemidallt", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8229." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "hemidallt", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8229." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-444/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-444/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-444/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6771.json b/2019/6xxx/CVE-2019-6771.json index 7cfbd53bf34..f79b2d02b9d 100644 --- a/2019/6xxx/CVE-2019-6771.json +++ b/2019/6xxx/CVE-2019-6771.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6771", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "2019.010.20098" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "2019.010.20098" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hemidallt", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the value property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8230." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "hemidallt", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the value property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8230." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-445/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-445/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-445/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file 
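Review bot: `"version_value": "2019.010.20098"` is carried over unchanged for Foxit Reader, but it does not follow the four-part build format (`9.4.1.16828`) used by the neighbouring Foxit Reader records in this commit, so it is probably a wrong affected-version string. The description repeats the same value, and the CVE-2019-6772 hunk has the identical pair. Version-based asset matching against this record is unlikely to ever fire. The value should be checked against the ZDI-19-445 advisory already referenced, and corrected in both `version_value` and the description if it is wrong.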
diff --git a/2019/6xxx/CVE-2019-6772.json b/2019/6xxx/CVE-2019-6772.json index bec770b6345..ceedbd5ac3c 100644 --- a/2019/6xxx/CVE-2019-6772.json +++ b/2019/6xxx/CVE-2019-6772.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6772", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "2019.010.20098" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6772", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "2019.010.20098" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "hemidallt", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8231." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "hemidallt", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method when processing AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8231." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-446/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-446/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-446/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/6xxx/CVE-2019-6773.json b/2019/6xxx/CVE-2019-6773.json index 07bde6e9dfd..28931043dc8 100644 --- a/2019/6xxx/CVE-2019-6773.json +++ b/2019/6xxx/CVE-2019-6773.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-6773", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Reader", - "version": { - "version_data": [ - { - "version_value": "9.4.1.16828" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-6773", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.4.1.16828" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Anonymous", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the richValue property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.\n Was ZDI-CAN-8272." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "Anonymous", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the richValue property of a Field object within AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8272." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-447/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-447/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-447/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } } \ No newline at end of file 
diff --git a/2019/9xxx/CVE-2019-9753.json b/2019/9xxx/CVE-2019-9753.json index ab261c0bdd9..78e58c5bac8 100644 --- a/2019/9xxx/CVE-2019-9753.json +++ b/2019/9xxx/CVE-2019-9753.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9753", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
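Review bot: The added `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, although the description added in the next hunk of this file names the product and range ("Open Ticket Request System (OTRS) 7.x before 7.0.5"). Tools that match an inventory against the structured fields get nothing from this record; only a free-text search finds it. If the record format permits it here, the structured values should mirror the description, for example `"vendor_name": "OTRS"` and `"version_value": "7.x before 7.0.5"`.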
@@ -11,8 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Open Ticket Request System (OTRS) 7.x before 7.0.5. An attacker who is logged into OTRS as an agent or a customer user can use the search result screens to disclose information from invalid system entities. Following is the list of affected entities: Custom Pages, FAQ Articles, Service Catalogue Items, ITSM Configuration Items." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework", + "refsource": "MISC", + "name": "https://community.otrs.com/security-advisory-2019-03-security-update-for-otrs-framework" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9882.json b/2019/9xxx/CVE-2019-9882.json index 683e6979af0..93c98992455 100644 --- a/2019/9xxx/CVE-2019-9882.json +++ b/2019/9xxx/CVE-2019-9882.json 
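Review bot: The added `vectorString` is `CVSS:3.0/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:R`, with the metrics in alphabetical order, whereas the other records in this commit use the order the specification prefers (AV, AC, PR, UI, S, C, I, A). The values agree with the expanded fields next to it, so the score itself is unaffected, but consumers that compare vector strings as text or parse them positionally will treat this one as different or malformed. I would write it as `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"`. The added `problemtype` value is also `"n/a"` although the description is an information disclosure, so a CWE could be assigned.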
@@ -107,12 +107,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002" + "refsource": "MISC", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002", + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904002" }, { - "refsource": "CONFIRM", - "url": "http://surl.twcert.org.tw/MtWeJ" + "refsource": "MISC", + "url": "http://surl.twcert.org.tw/MtWeJ", + "name": "http://surl.twcert.org.tw/MtWeJ" } ] }, diff --git a/2019/9xxx/CVE-2019-9883.json b/2019/9xxx/CVE-2019-9883.json index 00266d73745..864ede32974 100644 --- a/2019/9xxx/CVE-2019-9883.json +++ b/2019/9xxx/CVE-2019-9883.json @@ -107,12 +107,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003" + "refsource": "MISC", + "url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003", + "name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201904003" }, { - "refsource": "CONFIRM", - "url": "http://surl.twcert.org.tw/mChNi" + "refsource": "MISC", + "url": "http://surl.twcert.org.tw/mChNi", + "name": "http://surl.twcert.org.tw/mChNi" } ] },
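Review bot: The second reference in this hunk, `http://surl.twcert.org.tw/MtWeJ`, is a short link over plain HTTP and is now stored as both `url` and `name`, so the record never shows where it leads, and the redirect can be altered in transit or expire. I would store the resolved HTTPS address instead, `"url": "<resolved advisory URL>"`, and use `name` for the advisory identifier rather than a copy of the URL. The change of `refsource` from `CONFIRM` to `MISC` also drops the marker that the link confirms the issue; if that is intended, the commit message should say so. The CVE-2019-9883 hunk that follows has the same pattern with `http://surl.twcert.org.tw/mChNi`.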