From bd3edc696c7c321826907319cba75e988d09c374 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Sun, 21 Apr 2019 17:00:41 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/10xxx/CVE-2018-10754.json | 2 +-
 2018/19xxx/CVE-2018-19211.json | 2 +-
 2019/11xxx/CVE-2019-11234.json | 76 ++++++++++++++++++++++++---
 2019/11xxx/CVE-2019-11235.json | 76 ++++++++++++++++++++++++---
 2019/11xxx/CVE-2019-11402.json | 62 ++++++++++++++++++++++
 2019/11xxx/CVE-2019-11403.json | 62 ++++++++++++++++++++++
 2019/11xxx/CVE-2019-11404.json | 96 ++++++++++++++++++++++++++++++++++
 2019/11xxx/CVE-2019-11405.json | 86 ++++++++++++++++++++++++++++++
 2019/11xxx/CVE-2019-11406.json | 18 +++++++
 9 files changed, 466 insertions(+), 14 deletions(-)
 create mode 100644 2019/11xxx/CVE-2019-11402.json
 create mode 100644 2019/11xxx/CVE-2019-11403.json
 create mode 100644 2019/11xxx/CVE-2019-11404.json
 create mode 100644 2019/11xxx/CVE-2019-11405.json
 create mode 100644 2019/11xxx/CVE-2019-11406.json
diff --git a/2018/10xxx/CVE-2018-10754.json b/2018/10xxx/CVE-2018-10754.json
index b1336338d25..f5ccae58cc4 100644
--- a/2018/10xxx/CVE-2018-10754.json
+++ b/2018/10xxx/CVE-2018-10754.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax."
+ "value": "In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a \"dubious character `[' in name or alias field\" detection."
 }
 ]
 },
diff --git a/2018/19xxx/CVE-2018-19211.json b/2018/19xxx/CVE-2018-19211.json
index 175b9f6305d..1194e2e3538 100644
--- a/2018/19xxx/CVE-2018-19211.json
+++ b/2018/19xxx/CVE-2018-19211.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack."
+ "value": "In ncurses 6.1, there is a NULL pointer dereference at function _nc_parse_entry in parse_entry.c that will lead to a denial of service attack. The product proceeds to the dereference code path even after a \"dubious character `*' in name or alias field\" detection."
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11234.json b/2019/11xxx/CVE-2019-11234.json
index d1112be7a96..d6dafd54b75 100644
--- a/2019/11xxx/CVE-2019-11234.json
+++ b/2019/11xxx/CVE-2019-11234.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11234",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11234",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9497."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19",
+ "refsource": "MISC",
+ "name": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19"
+ },
+ {
+ "url": "https://papers.mathyvanhoef.com/dragonblood.pdf",
+ "refsource": "MISC",
+ "name": "https://papers.mathyvanhoef.com/dragonblood.pdf"
+ },
+ {
+ "url": "https://www.kb.cert.org/vuls/id/871675/",
+ "refsource": "MISC",
+ "name": "https://www.kb.cert.org/vuls/id/871675/"
+ },
+ {
+ "url": "https://freeradius.org/security/",
+ "refsource": "MISC",
+ "name": "https://freeradius.org/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
 }
 ]
 }
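Review bot: The `affects` block added for CVE-2019-11234 carries `"n/a"` for `vendor_name`, `product_name` and `version_value`, although the new description names the product and the fixed release, so tooling that matches on the structured fields will not associate this record with FreeRADIUS. Taking the values from the description, the entries could read `"product_name": "FreeRADIUS"` and `"version_value": "before 3.0.19"`; the vendor name is not stated in the hunk and would need confirming. `problemtype` is likewise `"n/a"`, so no weakness class is recorded. The same placeholders appear in the hunks for CVE-2019-11235, CVE-2019-11402, CVE-2019-11403, CVE-2019-11404 and CVE-2019-11405.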
diff --git a/2019/11xxx/CVE-2019-11235.json b/2019/11xxx/CVE-2019-11235.json
index e608636ecea..cca6e00f638 100644
--- a/2019/11xxx/CVE-2019-11235.json
+++ b/2019/11xxx/CVE-2019-11235.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11235",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11235",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "FreeRADIUS before 3.0.19 mishandles the \"each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used\" protection mechanism, aka a \"Dragonblood\" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19",
+ "refsource": "MISC",
+ "name": "https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19"
+ },
+ {
+ "url": "https://papers.mathyvanhoef.com/dragonblood.pdf",
+ "refsource": "MISC",
+ "name": "https://papers.mathyvanhoef.com/dragonblood.pdf"
+ },
+ {
+ "url": "https://www.kb.cert.org/vuls/id/871675/",
+ "refsource": "MISC",
+ "name": "https://www.kb.cert.org/vuls/id/871675/"
+ },
+ {
+ "url": "https://freeradius.org/security/",
+ "refsource": "MISC",
+ "name": "https://freeradius.org/security/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11402.json b/2019/11xxx/CVE-2019-11402.json
new file mode 100644
index 00000000000..5fed9658b67
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11402.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-11402",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Gradle Enterprise before 2018.5.3, Build Cache Nodes did not store the credentials at rest in an encrypted format."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gradle.com/enterprise/releases/2018.5/#changes-3",
+ "refsource": "MISC",
+ "name": "https://gradle.com/enterprise/releases/2018.5/#changes-3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11403.json b/2019/11xxx/CVE-2019-11403.json
new file mode 100644
index 00000000000..e7e8fba3af1
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11403.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-11403",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Gradle Enterprise before 2018.5.2, Build Cache Nodes would reflect the configured password back when viewing the HTML page source of the settings page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gradle.com/enterprise/releases/2018.5/#changes-2",
+ "refsource": "MISC",
+ "name": "https://gradle.com/enterprise/releases/2018.5/#changes-2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11404.json b/2019/11xxx/CVE-2019-11404.json
new file mode 100644
index 00000000000..8e39b170fa6
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11404.json
@@ -0,0 +1,96 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-11404",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by an MITM attack."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/arrow-kt/arrow/issues/1310",
+ "refsource": "MISC",
+ "name": "https://github.com/arrow-kt/arrow/issues/1310"
+ },
+ {
+ "url": "https://github.com/arrow-kt/arrow/commit/74198dab522393487d5344f194dc21208ab71ae8",
+ "refsource": "MISC",
+ "name": "https://github.com/arrow-kt/arrow/commit/74198dab522393487d5344f194dc21208ab71ae8"
+ },
+ {
+ "url": "https://github.com/arrow-kt/arrow/releases/tag/0.9.0",
+ "refsource": "MISC",
+ "name": "https://github.com/arrow-kt/arrow/releases/tag/0.9.0"
+ },
+ {
+ "url": "https://github.com/arrow-kt/ank/issues/35",
+ "refsource": "MISC",
+ "name": "https://github.com/arrow-kt/ank/issues/35"
+ },
+ {
+ "url": "https://github.com/arrow-kt/ank/pull/36",
+ "refsource": "MISC",
+ "name": "https://github.com/arrow-kt/ank/pull/36"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11405.json b/2019/11xxx/CVE-2019-11405.json
new file mode 100644
index 00000000000..b428a95b1de
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11405.json
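Review bot: The `impact.cvss` object for CVE-2019-11404 gives only the component metrics and a `vectorString`, with no `baseScore` or `baseSeverity`, so a consumer that triages on the score has to compute it from the vector; for these metrics it should come out as `"baseScore": 8.1` with `"baseSeverity": "HIGH"`, which is worth recomputing before adding. The vector also lists its metrics alphabetically; CVSS v3.0 accepts any order, but the preferred order is the one most tools emit and compare against: `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"`. The hunk for CVE-2019-11405 carries the identical block.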
@@ -0,0 +1,86 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-11405",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OpenAPI Tools OpenAPI Generator before 4.0.0-20190419.052012-560 uses http:// URLs in various build.gradle, build.gradle.mustache, and build.sbt files, which may have caused insecurely resolved dependencies."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/OpenAPITools/openapi-generator/issues/2253",
+ "refsource": "MISC",
+ "name": "https://github.com/OpenAPITools/openapi-generator/issues/2253"
+ },
+ {
+ "url": "https://github.com/OpenAPITools/openapi-generator/pull/2248",
+ "refsource": "MISC",
+ "name": "https://github.com/OpenAPITools/openapi-generator/pull/2248"
+ },
+ {
+ "url": "https://github.com/OpenAPITools/openapi-generator/pull/2697",
+ "refsource": "MISC",
+ "name": "https://github.com/OpenAPITools/openapi-generator/pull/2697"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11406.json b/2019/11xxx/CVE-2019-11406.json
new file mode 100644
index 00000000000..89a8920b164
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11406.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11406",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file