From afd2d50ef0f8d7d76aad8d771651e7550d191808 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 6 Jun 2019 15:00:50 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/10xxx/CVE-2016-10745.json | 5 +++
 2019/10xxx/CVE-2019-10906.json | 5 +++
 2019/12xxx/CVE-2019-12732.json | 61 ++++++++++++++++++++++++++++----
 2019/12xxx/CVE-2019-12744.json | 18 ++++++++++
 2019/12xxx/CVE-2019-12745.json | 18 ++++++++++
 2019/12xxx/CVE-2019-12746.json | 18 ++++++++++
 2019/12xxx/CVE-2019-12747.json | 18 ++++++++++
 2019/12xxx/CVE-2019-12748.json | 18 ++++++++++
 2019/1xxx/CVE-2019-1870.json | 5 +++
 2019/5xxx/CVE-2019-5214.json | 58 ++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5216.json | 64 ++++++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5219.json | 58 ++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5241.json | 58 ++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5242.json | 58 ++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5295.json | 58 ++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5305.json | 58 ++++++++++++++++++++++++++----
 2019/8xxx/CVE-2019-8320.json | 53 ++++++++++++++++++++++++++--
 17 files changed, 574 insertions(+), 57 deletions(-)
 create mode 100644 2019/12xxx/CVE-2019-12744.json
 create mode 100644 2019/12xxx/CVE-2019-12745.json
 create mode 100644 2019/12xxx/CVE-2019-12746.json
 create mode 100644 2019/12xxx/CVE-2019-12747.json
 create mode 100644 2019/12xxx/CVE-2019-12748.json
diff --git a/2016/10xxx/CVE-2016-10745.json b/2016/10xxx/CVE-2016-10745.json
index fb11c8bf6d1..2f4a1c08e60 100644
--- a/2016/10xxx/CVE-2016-10745.json
+++ b/2016/10xxx/CVE-2016-10745.json
@@ -81,6 +81,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1260",
 "url": "https://access.redhat.com/errata/RHSA-2019:1260"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4011-1",
+ "url": "https://usn.ubuntu.com/4011-1/"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10906.json b/2019/10xxx/CVE-2019-10906.json
index c2ed88bd72d..885b23691da 100644
--- a/2019/10xxx/CVE-2019-10906.json
+++ b/2019/10xxx/CVE-2019-10906.json
@@ -131,6 +131,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:1329",
 "url": "https://access.redhat.com/errata/RHSA-2019:1329"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4011-1",
+ "url": "https://usn.ubuntu.com/4011-1/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12732.json b/2019/12xxx/CVE-2019-12732.json
index 79ad660ef3d..07571f2a99c 100644
--- a/2019/12xxx/CVE-2019-12732.json
+++ b/2019/12xxx/CVE-2019-12732.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12732",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12732",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Chartkick gem through 3.1.0 for Ruby allows XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ankane/chartkick/issues/488",
+ "url": "https://github.com/ankane/chartkick/issues/488"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/ankane/chartkick/blob/master/CHANGELOG.md",
+ "url": "https://github.com/ankane/chartkick/blob/master/CHANGELOG.md"
 }
 ]
 }
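Review bot: The published CVE-2019-12732 record carries its only product and version information in the free-text description ("The Chartkick gem through 3.1.0 for Ruby"), while `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `"n/a"`. Tooling that matches on the structured `affects` block or filters by weakness class will not associate this entry with Chartkick or with XSS; populating at least `"product_name": "Chartkick"`, `"version_value": "through 3.1.0"` and a problemtype value of `"XSS"` from the description would close that gap. The same pattern appears in the two CVE-2019-8320 hunks, where the RubyGems version range and the "Directory Traversal" class exist only in prose. The second CONFIRM reference points at `blob/master/CHANGELOG.md`, which is a moving target; a link pinned to a tag or commit would keep the evidence stable.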
diff --git a/2019/12xxx/CVE-2019-12744.json b/2019/12xxx/CVE-2019-12744.json
new file mode 100644
index 00000000000..e78a31d2478
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12744.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12744",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12745.json b/2019/12xxx/CVE-2019-12745.json
new file mode 100644
index 00000000000..141c0ed3cb2
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12745.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12745",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12746.json b/2019/12xxx/CVE-2019-12746.json
new file mode 100644
index 00000000000..c5636c51ec4
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12746.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12746",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12747.json b/2019/12xxx/CVE-2019-12747.json
new file mode 100644
index 00000000000..3b09123db31
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12747.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12747",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12748.json b/2019/12xxx/CVE-2019-12748.json
new file mode 100644
index 00000000000..b79ebf7486f
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12748.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12748",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1870.json b/2019/1xxx/CVE-2019-1870.json
index 738eaf8ff15..41655dc6262 100644
--- a/2019/1xxx/CVE-2019-1870.json
+++ b/2019/1xxx/CVE-2019-1870.json
@@ -72,6 +72,11 @@
 "name": "20190605 Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability",
 "refsource": "CISCO",
 "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190605-ece-xss"
+ },
+ {
+ "refsource": "BID",
+ "name": "108645",
+ "url": "http://www.securityfocus.com/bid/108645"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5214.json b/2019/5xxx/CVE-2019-5214.json
index 3c906b59468..db8a71c93ea 100644
--- a/2019/5xxx/CVE-2019-5214.json
+++ b/2019/5xxx/CVE-2019-5214.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5214",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5214",
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Huawei",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Huawei Mate10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-smartphone-en"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a use after free vulnerability on certain driver component in Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8). An attacker tricks the user into installing a malicious application, which make the software to reference memory after it has been freed. Successful exploit could cause a denial of service condition."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5216.json b/2019/5xxx/CVE-2019-5216.json
index 74d2d73b8a4..8b23bea3ad3 100644
--- a/2019/5xxx/CVE-2019-5216.json
+++ b/2019/5xxx/CVE-2019-5216.json
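Review bot: The `version_value` string in the CVE-2019-5214 record is prose ("Versions earlier than ALP-AL00B 9.0.0.167(C00E85R2P20T8)") rather than a bare build identifier, so a scanner cannot compare an installed build against it without parsing English. If the producing tool supports it, the bound could be expressed as `"version_affected": "<"` with `"version_value": "ALP-AL00B 9.0.0.167(C00E85R2P20T8)"`. The same applies to the CVE-2019-5216, -5219, -5241, -5242, -5295 and -5305 hunks. The product is also spelled three ways for what reads as the same handset (`"Huawei Mate10"` here, `"Mate10"` in CVE-2019-5219 and `"Mate 10"` in CVE-2019-5305), which will split the entries under exact-match product lookups.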
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5216",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5216",
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Huawei",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Honor V10, Honor 10, Honor Play",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8)"
+ },
+ {
+ "version_value": "Versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8)"
+ },
+ {
+ "version_value": "Versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "race condition"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190116-01-smartphone-en"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a race condition vulnerability on Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.156(C00E156R2P14T8), Honor 10 smartphones versions earlier than Columbia-AL10B 9.0.0.156(C00E156R1P20T8) and Honor Play smartphones versions earlier than Cornell-AL00A 9.0.0.156(C00E156R1P13T8). 
An attacker tricks the user into installing a malicious application, which makes multiple processes to operate the same variate at the same time. Successful exploit could cause execution of malicious code."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5219.json b/2019/5xxx/CVE-2019-5219.json
index 4550738cb67..f884d78055c 100644
--- a/2019/5xxx/CVE-2019-5219.json
+++ b/2019/5xxx/CVE-2019-5219.json
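Review bot: In the CVE-2019-5216 hunk, `"product_name": "Honor V10, Honor 10, Honor Play"` packs three products into one entry and lists three `version_value` strings beneath it, so the structured data does not say which build belongs to which handset. Only the description pairs them (Berkeley-AL20 with Honor V10, Columbia-AL10B with Honor 10, Cornell-AL00A with Honor Play). Splitting this into three `product_data` objects, each with a single `product_name` and its own `version_data` entry, would let asset-inventory matching work per device instead of relying on the prose.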
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5219",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5219",
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Huawei",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mate10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "double free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190130-01-smartphone-en"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5241.json b/2019/5xxx/CVE-2019-5241.json
index 36380775914..01eb238bea3 100644
--- a/2019/5xxx/CVE-2019-5241.json
+++ b/2019/5xxx/CVE-2019-5241.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5241",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5241",
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Huawei",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PCManager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions earlier than PCManager 9.0.1.50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to obtain a higher privilege."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5242.json b/2019/5xxx/CVE-2019-5242.json
index a9f3546ed6c..16154d3f0df 100644
--- a/2019/5xxx/CVE-2019-5242.json
+++ b/2019/5xxx/CVE-2019-5242.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5242",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5242",
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Huawei",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PCManager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "versions earlier than PCManager 9.0.1.50"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190109-01-pcmanager-en"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a code execution vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the attacker to execute malicious code and read/write memory."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5295.json b/2019/5xxx/CVE-2019-5295.json
index b8adecabf52..6660fb0ee26 100644
--- a/2019/5xxx/CVE-2019-5295.json
+++ b/2019/5xxx/CVE-2019-5295.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5295",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5295",
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Huawei",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Honor V10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authorization bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-en",
+ "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190131-01-phone-en"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5305.json b/2019/5xxx/CVE-2019-5305.json
index 983332df2f2..f99cb51e0ea 100644
--- a/2019/5xxx/CVE-2019-5305.json
+++ b/2019/5xxx/CVE-2019-5305.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5305",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5305",
+ "ASSIGNER": "psirt@huawei.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Huawei",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Mate 10",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "The versions before ALP-L29 9.0.0.159(C185)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "memory double free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en",
+ "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190128-01-ivp-en"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The image processing module of some Huawei Mate 10 smartphones versions before ALP-L29 9.0.0.159(C185) has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can call special API, which could trigger double free and cause a system crash."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8320.json b/2019/8xxx/CVE-2019-8320.json
index 1e8d682c1ee..950fae00fe6 100644
--- a/2019/8xxx/CVE-2019-8320.json
+++ b/2019/8xxx/CVE-2019-8320.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-8320",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Directory Traversal issue was discovered in RubyGems 2.7.6 and later through 3.0.2. Before making new directories or touching files (which now include path-checking code for symlinks), it would delete the target destination. If that destination was hidden behind a symlink, a malicious gem could delete arbitrary files on the user's machine, presuming the attacker could guess at paths. Given how frequently gem is run as sudo, and how predictable paths are on modern systems (/tmp, /usr, etc.), this could likely lead to data loss or an unusable system."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://hackerone.com/reports/317321",
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/317321"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html",
+ "url": "https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html"
 }
 ]
 }