From b054b39946b028f3765f486f12c11f742101cc08 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sat, 21 Mar 2020 01:01:17 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2013/7xxx/CVE-2013-7487.json | 56 +++++++++++++++++++++++++---
 2019/12xxx/CVE-2019-12767.json | 56 +++++++++++++++++++++++++---
 2019/15xxx/CVE-2019-15608.json | 17 ++++++---
 2019/17xxx/CVE-2019-17185.json | 67 ++++++++++++++++++++++++++++++++++
 2019/18xxx/CVE-2019-18936.json | 67 ++++++++++++++++++++++++++++++++++
 5 files changed, 246 insertions(+), 17 deletions(-)
 create mode 100644 2019/17xxx/CVE-2019-17185.json
 create mode 100644 2019/18xxx/CVE-2019-18936.json
diff --git a/2013/7xxx/CVE-2013-7487.json b/2013/7xxx/CVE-2013-7487.json
index 1bc061c0fd1..479600928a4 100644
--- a/2013/7xxx/CVE-2013-7487.json
+++ b/2013/7xxx/CVE-2013-7487.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2013-7487",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2013-7487",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr application has a vulnerable call to \u201csystem\u201d, which allows remote attackers to execute arbitrary code via TCP port 9000."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html",
+ "refsource": "MISC",
+ "name": "http://console-cowboys.blogspot.com/2013/01/swann-song-dvr-insecurity.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12767.json b/2019/12xxx/CVE-2019-12767.json
index 739eed95cf5..58e31d593de 100644
--- a/2019/12xxx/CVE-2019-12767.json
+++ b/2019/12xxx/CVE-2019-12767.json
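Review bot: The structured fields of this record are all placeholders: `product_name`, `vendor_name`, `version_value` and the `problemtype` value are `"n/a"`, while the description names the vendor (Swann), four device models and a call to `system` reachable on TCP port 9000. Scanners and asset-matching tools that key on `affects` and `problemtype` rather than on free text will not associate the entry with those devices. Consider `"vendor_name": "Swann"` with one `product_data` entry per model, and a problem type such as CWE-78 if the linked write-up confirms command injection. The same placeholder pattern appears in the CVE-2019-12767, CVE-2019-17185 and CVE-2019-18936 records in this patch. The record's closing brace lies outside this hunk.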
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12767",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12767",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H Hot Fix. Attackers can execute arbitrary commands."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf",
+ "url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DAP-1650/REVA/DAP-1650_REVA_RELEASE_NOTES_v1.04B02_J65H.pdf"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15608.json b/2019/15xxx/CVE-2019-15608.json
index 3a3873f537b..b873bae4637 100644
--- a/2019/15xxx/CVE-2019-15608.json
+++ b/2019/15xxx/CVE-2019-15608.json
@@ -19,10 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "before 1.19.0"
- },
- {
- "version_value": "fixed in 1.19.0"
+ "version_value": "Fixed in 1.19.0"
 }
 ]
 }
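Review bot: The only reference in the CVE-2019-12767 record, tagged `CONFIRM`, is an `ftp://` URL, which is fetched without transport integrity and is no longer opened by many browsers and HTTP clients, so readers may be unable to verify the vendor's fix notice. An HTTPS vendor advisory link, if one exists, would be worth adding alongside it. The description also gives no attack vector or authentication requirement for "Attackers can execute arbitrary commands", which makes triage harder; that detail would have to come from the vendor notes.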
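Review bot: In the CVE-2019-15608 hunk, `"version_value": "Fixed in 1.19.0"` names the fixed release rather than an affected one, and it replaces the `"before 1.19.0"` entry that stated the affected range. A consumer that reads `version_data` as the affected set can end up flagging 1.19.0 itself or matching nothing. I would keep the range, for example `"version_affected": "<"` with `"version_value": "1.19.0"`, or restore `"version_value": "before 1.19.0"`. The enclosing product object starts and ends outside the hunk.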
@@ -51,6 +48,16 @@
 "refsource": "MISC",
 "name": "https://hackerone.com/reports/703138",
 "url": "https://hackerone.com/reports/703138"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c",
+ "url": "https://github.com/yarnpkg/yarn/commit/0474b8c66a8ea298f5e4dedc67b2de464297ad1c"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190",
+ "url": "https://github.com/yarnpkg/yarn/blob/master/CHANGELOG.md#1190"
 }
 ]
 },
@@ -58,7 +65,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0."
+ "value": "The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack."
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17185.json b/2019/17xxx/CVE-2019-17185.json
new file mode 100644
index 00000000000..f4aed89ea1e
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17185.json
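Review bot: The added `CHANGELOG.md#1190` reference points at `blob/master`, a moving branch, so the anchor can shift or disappear as the changelog is edited. The commit reference added just above it is already pinned by hash. A link pinned to the release tag or to a commit would keep the fix evidence stable for later readers. The `reference_data` array opens outside this hunk.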
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17185",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://freeradius.org/security/",
+ "refsource": "MISC",
+ "name": "https://freeradius.org/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20",
+ "url": "https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_0_20"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18936.json b/2019/18xxx/CVE-2019-18936.json
new file mode 100644
index 00000000000..835be8118b1
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18936.json
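Review bot: The description contains a grammar slip that will be published verbatim: "This mean multiple threads use" should read `This means multiple threads use the same BN_CTX instance concurrently`. The CVE-2019-18936 description in the next file has the same kind of slip, "allow attackers" for `allows attackers`. Both files are also added without a trailing newline, which some line-oriented tools flag.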
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18936",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "UniValue::read() in UniValue before 1.0.5 allow attackers to cause a denial of service (the class internal data reaches an inconsistent state) via input data that triggers an error."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5",
+ "refsource": "MISC",
+ "name": "https://github.com/jgarzik/univalue/compare/v1.0.4...v1.0.5"
+ },
+ {
+ "url": "https://github.com/jgarzik/univalue/pull/58",
+ "refsource": "MISC",
+ "name": "https://github.com/jgarzik/univalue/pull/58"
+ }
+ ]
+ }
+}
\ No newline at end of file