From 9da99ea5821ec057881a98264742849118e1f53d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 8 Mar 2019 18:05:13 -0500 Subject: [PATCH] Adding several CVEs for Kaspersky. --- 2019/8xxx/CVE-2019-8263.json | 10 +++----- 2019/8xxx/CVE-2019-8264.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8265.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8266.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8267.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8268.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8269.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8270.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8271.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8272.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8273.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8274.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8275.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8276.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8277.json | 49 +++++++++++++++++++++++++++++++++--- 2019/8xxx/CVE-2019-8280.json | 49 +++++++++++++++++++++++++++++++++--- 16 files changed, 694 insertions(+), 51 deletions(-) diff --git a/2019/8xxx/CVE-2019-8263.json b/2019/8xxx/CVE-2019-8263.json index 1487d90ad79..c57a26eaf1a 100644 --- a/2019/8xxx/CVE-2019-8263.json +++ b/2019/8xxx/CVE-2019-8263.json @@ -23,7 +23,7 @@ } ] }, - "vendor_name" : "UltraVNC" + "vendor_name" : "Kaspersky Lab" } ] } @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code in execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204." + "value" : "UltraVNC revision 1205 has stack-based buffer overflow vulnerability in VNC client code inside ShowConnInfo routine, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. User interaction is required to trigger this vulnerability. This vulnerability has been fixed in revision 1206." } ] }, @@ -45,7 +45,7 @@ "description" : [ { "lang" : "eng", - "value" : "CWE-788: Access of Memory Location After End of Buffer" + "value" : "CWE-121: Stack-based Buffer Overflow" } ] } @@ -54,9 +54,7 @@ "references" : { "reference_data" : [ { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/" + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-010-ultravnc-stack-based-buffer-overflow/" } ] } diff --git a/2019/8xxx/CVE-2019-8264.json b/2019/8xxx/CVE-2019-8264.json index 55e37c44c40..b6d55fae349 100644 --- a/2019/8xxx/CVE-2019-8264.json +++ b/2019/8xxx/CVE-2019-8264.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8264", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside Ultra2 decoder, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-788: Access of Memory Location After End of Buffer" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-011-ultravnc-access-of-memory-location-after-end-of-buffer/" } ] } diff --git a/2019/8xxx/CVE-2019-8265.json b/2019/8xxx/CVE-2019-8265.json index 99b58deab5e..aa13b08b68f 100644 --- a/2019/8xxx/CVE-2019-8265.json +++ b/2019/8xxx/CVE-2019-8265.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8265", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of SETPIXELS macro in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1208." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-788: Access of Memory Location After End of Buffer" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-012-ultravnc-access-of-memory-location-after-end-of-buffer/" } ] } diff --git a/2019/8xxx/CVE-2019-8266.json b/2019/8xxx/CVE-2019-8266.json index 5967c17cb2c..a73f450086b 100644 --- a/2019/8xxx/CVE-2019-8266.json +++ b/2019/8xxx/CVE-2019-8266.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8266", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1207 has multiple out-of-bounds access vulnerabilities connected with improper usage of ClientConnection::Copybuffer function in VNC client code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. User interaction is required to trigger these vulnerabilities. These vulnerabilities have been fixed in revision 1208." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-788: Access of Memory Location After End of Buffer" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-013-ultravnc-access-of-memory-location-after-end-of-buffer/" } ] } diff --git a/2019/8xxx/CVE-2019-8267.json b/2019/8xxx/CVE-2019-8267.json index cd1fbc93754..b088467194f 100644 --- a/2019/8xxx/CVE-2019-8267.json +++ b/2019/8xxx/CVE-2019-8267.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8267", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1207 has out-of-bounds read vulnerability in VNC client code inside TextChat module, which results in a denial of service (DoS) condition. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1208." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-014-ultravnc-out-of-bounds-read/" } ] } diff --git a/2019/8xxx/CVE-2019-8268.json b/2019/8xxx/CVE-2019-8268.json index 07b98b73995..b0ea1c1d882 100644 --- a/2019/8xxx/CVE-2019-8268.json +++ b/2019/8xxx/CVE-2019-8268.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8268", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1206 has multiple off-by-one vulnerabilities in VNC client code connected with improper usage of ClientConnection::ReadString function, which can potentially result code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1207." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-193: Off-by-one Error" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-015-ultravnc-off-by-one-error/" } ] } diff --git a/2019/8xxx/CVE-2019-8269.json b/2019/8xxx/CVE-2019-8269.json index 31a20bf24e0..54238660355 100644 --- a/2019/8xxx/CVE-2019-8269.json +++ b/2019/8xxx/CVE-2019-8269.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8269", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1206 has stack-based Buffer overflow vulnerability in VNC client code inside FileTransfer module, which leads to a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1207." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-016-ultravnc-stack-based-buffer-overflow/" } ] } diff --git a/2019/8xxx/CVE-2019-8270.json b/2019/8xxx/CVE-2019-8270.json index 6a01d11dab5..b0813674e5d 100644 --- a/2019/8xxx/CVE-2019-8270.json +++ b/2019/8xxx/CVE-2019-8270.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8270", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1210 has out-of-bounds read vulnerability in VNC client code inside Ultra decoder, which results in a denial of service (DoS) condition. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1211." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-017-ultravnc-out-of-bounds-read/" } ] } diff --git a/2019/8xxx/CVE-2019-8271.json b/2019/8xxx/CVE-2019-8271.json index f9b41135e2b..39ad73c2fd1 100644 --- a/2019/8xxx/CVE-2019-8271.json +++ b/2019/8xxx/CVE-2019-8271.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8271", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-018-ultravnc-heap-based-buffer-overflow/" } ] } diff --git a/2019/8xxx/CVE-2019-8272.json b/2019/8xxx/CVE-2019-8272.json index e4e94594f76..b7f9a44d7a7 100644 --- a/2019/8xxx/CVE-2019-8272.json +++ b/2019/8xxx/CVE-2019-8272.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8272", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1211 has multiple off-by-one vulnerabilities in VNC server code, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-193: Off-by-one Error" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-019-ultravnc-off-by-one-error/" } ] } diff --git a/2019/8xxx/CVE-2019-8273.json b/2019/8xxx/CVE-2019-8273.json index c7aadf82451..4edc3a43428 100644 --- a/2019/8xxx/CVE-2019-8273.json +++ b/2019/8xxx/CVE-2019-8273.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8273", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-020-ultravnc-heap-based-buffer-overflow/" } ] } diff --git a/2019/8xxx/CVE-2019-8274.json b/2019/8xxx/CVE-2019-8274.json index c9ab39b56d3..a84f0e00756 100644 --- a/2019/8xxx/CVE-2019-8274.json +++ b/2019/8xxx/CVE-2019-8274.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8274", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-021-ultravnc-heap-based-buffer-overflow/" } ] } diff --git a/2019/8xxx/CVE-2019-8275.json b/2019/8xxx/CVE-2019-8275.json index 5db79780499..0b6f9229257 100644 --- a/2019/8xxx/CVE-2019-8275.json +++ b/2019/8xxx/CVE-2019-8275.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8275", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1211 has multiple improper null termination vulnerabilities in VNC server code, which result in out-of-bound data being accessed by remote users. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-170: Improper Null Termination" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-022-ultravnc-improper-null-termination/" } ] } diff --git a/2019/8xxx/CVE-2019-8276.json b/2019/8xxx/CVE-2019-8276.json index 213fe5da1c3..1832ef21b29 100644 --- a/2019/8xxx/CVE-2019-8276.json +++ b/2019/8xxx/CVE-2019-8276.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8276", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1211 has a stack buffer overflow vulnerability in VNC server code inside file transfer request handler, which can result in Denial of Service (DoS). This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-023-ultravnc-stack-based-buffer-overflow/" } ] } diff --git a/2019/8xxx/CVE-2019-8277.json b/2019/8xxx/CVE-2019-8277.json index 9a66413fe23..c4d391d5bb2 100644 --- a/2019/8xxx/CVE-2019-8277.json +++ b/2019/8xxx/CVE-2019-8277.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8277", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1211 contains multiple memory leaks (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-665: Improper Initialization" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/" } ] } diff --git a/2019/8xxx/CVE-2019-8280.json b/2019/8xxx/CVE-2019-8280.json index 6d80f266132..5c802bbd37e 100644 --- a/2019/8xxx/CVE-2019-8280.json +++ b/2019/8xxx/CVE-2019-8280.json @@ -1,8 +1,32 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "vulnerability@kaspersky.com", + "DATE_PUBLIC" : "2019-03-01T00:00:00", "ID" : "CVE-2019-8280", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "UltraVNC", + "version" : { + "version_data" : [ + { + "version_value" : "1.2.2.3" + } + ] + } + } + ] + }, + "vendor_name" : "Kaspersky Lab" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +35,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This attack appear to be exploitable via network connectivity. This vulnerability has been fixed in revision 1204." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-788: Access of Memory Location After End of Buffer" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-009-ultravnc-access-of-memory-location-after-end-of-buffer/" } ] }