diff --git a/2018/11xxx/CVE-2018-11289.json b/2018/11xxx/CVE-2018-11289.json index 804f3060359..152143f1bf8 100644 --- a/2018/11xxx/CVE-2018-11289.json +++ b/2018/11xxx/CVE-2018-11289.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Data truncation during higher to lower type conversion which causes less memory allocation than desired can leads to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130" + "value" : "Data truncation during higher to lower type conversion which causes less memory allocation than desired can lead to a buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130." } ] }, diff --git a/2018/13xxx/CVE-2018-13905.json b/2018/13xxx/CVE-2018-13905.json index 231b9c61216..75d5495d263 100644 --- a/2018/13xxx/CVE-2018-13905.json +++ b/2018/13xxx/CVE-2018-13905.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24" + "value" : "KGSL syncsource lock not handled properly during syncsource cleanup can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, QCS605, SD 210/SD 212/SD 205, SD 439 / SD 429, SD 712 / SD 710 / SD 670, SD 820A, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX24." } ] }, diff --git a/2018/13xxx/CVE-2018-13912.json b/2018/13xxx/CVE-2018-13912.json index 5f761b7cbff..45aa4019eb4 100644 --- a/2018/13xxx/CVE-2018-13912.json +++ b/2018/13xxx/CVE-2018-13912.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Arbitrary write issue occur when user provides kernel address In compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24" + "value" : "Arbitrary write issue can occur when user provides kernel address in compat mode in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24." } ] }, diff --git a/2018/13xxx/CVE-2018-13913.json b/2018/13xxx/CVE-2018-13913.json index cc676486f1f..52f02d5ba13 100644 --- a/2018/13xxx/CVE-2018-13913.json +++ b/2018/13xxx/CVE-2018-13913.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24" + "value" : "Improper validation of array index can lead to unauthorized access while processing debugFS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24." } ] }, diff --git a/2018/13xxx/CVE-2018-13914.json b/2018/13xxx/CVE-2018-13914.json index 1bcf600021f..83a7fce71ef 100644 --- a/2018/13xxx/CVE-2018-13914.json +++ b/2018/13xxx/CVE-2018-13914.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20" + "value" : "Lack of input validation for data received from user space can lead to an out of bound array issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in version MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 636, SD 820A, SD 835, SDM630, SDM660, SDX20." } ] }, diff --git a/2018/15xxx/CVE-2018-15777.json b/2018/15xxx/CVE-2018-15777.json index 01e8f8f547a..05b76942360 100644 --- a/2018/15xxx/CVE-2018-15777.json +++ b/2018/15xxx/CVE-2018-15777.json @@ -2,7 +2,7 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15777", - "STATE" : "RESERVED" + "STATE" : "REJECT" }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +11,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." } ] } diff --git a/2018/20xxx/CVE-2018-20063.json b/2018/20xxx/CVE-2018-20063.json index 1de4e28042b..3c207254620 100644 --- a/2018/20xxx/CVE-2018-20063.json +++ b/2018/20xxx/CVE-2018-20063.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-20063", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Gurock TestRail 5.6.0.3853. An \"Unrestricted Upload of File\" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688", + "refsource" : "MISC", + "url" : "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688" } ] } diff --git a/2018/3xxx/CVE-2018-3616.json b/2018/3xxx/CVE-2018-3616.json index 8dfe120199f..ed9832b7a0c 100644 --- a/2018/3xxx/CVE-2018-3616.json +++ b/2018/3xxx/CVE-2018-3616.json @@ -53,6 +53,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05", + "refsource" : "MISC", + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05" + }, { "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html", "refsource" : "CONFIRM", diff --git a/2018/3xxx/CVE-2018-3657.json b/2018/3xxx/CVE-2018-3657.json index 3aace510bb8..c86e7e62730 100644 --- a/2018/3xxx/CVE-2018-3657.json +++ b/2018/3xxx/CVE-2018-3657.json @@ -53,6 +53,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05", + "refsource" : "MISC", + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05" + }, { "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html", "refsource" : "CONFIRM", diff --git a/2018/3xxx/CVE-2018-3658.json b/2018/3xxx/CVE-2018-3658.json index 861209f4a4f..bdd2dee9c81 100644 --- a/2018/3xxx/CVE-2018-3658.json +++ b/2018/3xxx/CVE-2018-3658.json @@ -53,6 +53,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05", + "refsource" : "MISC", + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-043-05" + }, { "name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html", "refsource" : "CONFIRM", diff --git a/2018/7xxx/CVE-2018-7800.json b/2018/7xxx/CVE-2018-7800.json index 4a094d8b296..15ce1f11e86 100644 --- a/2018/7xxx/CVE-2018-7800.json +++ b/2018/7xxx/CVE-2018-7800.json @@ -52,6 +52,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01", + "refsource" : "MISC", + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01" + }, { "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/", "refsource" : "CONFIRM", diff --git a/2018/7xxx/CVE-2018-7801.json b/2018/7xxx/CVE-2018-7801.json index 5483bdd94a5..d91169f9a23 100644 --- a/2018/7xxx/CVE-2018-7801.json +++ b/2018/7xxx/CVE-2018-7801.json @@ -52,6 +52,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01", + "refsource" : "MISC", + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01" + }, { "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/", "refsource" : "CONFIRM", diff --git a/2018/7xxx/CVE-2018-7802.json b/2018/7xxx/CVE-2018-7802.json index 2830f0487f9..5e4a561eaad 100644 --- a/2018/7xxx/CVE-2018-7802.json +++ b/2018/7xxx/CVE-2018-7802.json @@ -52,6 +52,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01", + "refsource" : "MISC", + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-031-01" + }, { "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-354-01/", "refsource" : "CONFIRM", diff --git a/2019/6xxx/CVE-2019-6265.json b/2019/6xxx/CVE-2019-6265.json index 7297cebd0d0..d8cc6eacbb6 100644 --- a/2019/6xxx/CVE-2019-6265.json +++ b/2019/6xxx/CVE-2019-6265.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-6265", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Scripting and AutoUpdate functionality in Cordaware bestinformed Microsoft Windows client versions before 6.2.1.0 are affected by insecure implementations which allow remote attackers to execute arbitrary commands and escalate privileges." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.detack.de/en/cve-2019-6265-6266", + "refsource" : "MISC", + "url" : "https://www.detack.de/en/cve-2019-6265-6266" } ] } diff --git a/2019/6xxx/CVE-2019-6266.json b/2019/6xxx/CVE-2019-6266.json index be6684f7187..feaf8ca2318 100644 --- a/2019/6xxx/CVE-2019-6266.json +++ b/2019/6xxx/CVE-2019-6266.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-6266", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.detack.de/en/cve-2019-6265-6266", + "refsource" : "MISC", + "url" : "https://www.detack.de/en/cve-2019-6265-6266" } ] } diff --git a/2019/9xxx/CVE-2019-9163.json b/2019/9xxx/CVE-2019-9163.json new file mode 100644 index 00000000000..6436a04d194 --- /dev/null +++ b/2019/9xxx/CVE-2019-9163.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9163", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9164.json b/2019/9xxx/CVE-2019-9164.json new file mode 100644 index 00000000000..890d080b779 --- /dev/null +++ b/2019/9xxx/CVE-2019-9164.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9164", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9165.json b/2019/9xxx/CVE-2019-9165.json new file mode 100644 index 00000000000..7c5e0833366 --- /dev/null +++ b/2019/9xxx/CVE-2019-9165.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9165", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9166.json b/2019/9xxx/CVE-2019-9166.json new file mode 100644 index 00000000000..61c5b702f68 --- /dev/null +++ b/2019/9xxx/CVE-2019-9166.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9166", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2019/9xxx/CVE-2019-9167.json b/2019/9xxx/CVE-2019-9167.json new file mode 100644 index 00000000000..107f8b74975 --- /dev/null +++ b/2019/9xxx/CVE-2019-9167.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9167", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}