diff --git a/2019/3xxx/CVE-2019-3812.json b/2019/3xxx/CVE-2019-3812.json index 1e11c07b121..34f09cf7cdb 100644 --- a/2019/3xxx/CVE-2019-3812.json +++ b/2019/3xxx/CVE-2019-3812.json @@ -1,71 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-3812", - "ASSIGNER": "psampaio@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "The QEMU Project", - "product": { - "product_data": [ - { - "product_name": "qemu", - "version": { - "version_data": [ - { - "version_value": "through version 2.10 and through to 3.1.0" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psampaio@redhat.com", + "ID" : "CVE-2019-3812", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "qemu", + "version" : { + "version_data" : [ + { + "version_value" : "through version 2.10 and through to 3.1.0" + } + ] + } + } + ] + }, + "vendor_name" : "The QEMU Project" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host." + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-119" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-119" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "QEMU, through version 2.10 and through version 3.1.0, is vulnerable to an out-of-bounds read of up to 128 bytes in the hw/i2c/i2c-ddc.c:i2c_ddc() function. A local attacker with permission to execute i2c commands could exploit this to read stack memory of the qemu process on the host." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "4.4/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3812" + } + ] + } } diff --git a/2019/8xxx/CVE-2019-8934.json b/2019/8xxx/CVE-2019-8934.json new file mode 100644 index 00000000000..5ffe26470b2 --- /dev/null +++ b/2019/8xxx/CVE-2019-8934.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-8934", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}