diff --git a/2019/11xxx/CVE-2019-11384.json b/2019/11xxx/CVE-2019-11384.json
index 3238716bb37..a396c9ff735 100644
--- a/2019/11xxx/CVE-2019-11384.json
+++ b/2019/11xxx/CVE-2019-11384.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11384",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11384",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Zalora application 6.15.1 for Android stores confidential information insecurely on the system (i.e. plain text), which allows a non-root user to find out the username/password of a valid user via /data/data/com.zalora.android/shared_prefs/login_data.xml."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://pastebin.com/c90h9WfB",
+ "url": "https://pastebin.com/c90h9WfB"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11447.json b/2019/11xxx/CVE-2019-11447.json
index 2b3bbea6359..3df8634183d 100644
--- a/2019/11xxx/CVE-2019-11447.json
+++ b/2019/11xxx/CVE-2019-11447.json
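Review bot: The `affects` block added to CVE-2019-11384.json leaves `vendor_name`, `product_name` and `version_value` as `"n/a"` although the description names the Zalora application 6.15.1 for Android, so tooling that matches on the structured fields cannot tie this record to the product. Fill them from the description, for example `"product_name": "Zalora application for Android"` and `"version_value": "6.15.1"`, and replace the `"n/a"` problemtype with a weakness class; CWE-312 (Cleartext Storage of Sensitive Information) looks like the fit. The same gap exists in the new CVE-2019-11461.json, whose description gives GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. The only reference here is a pastebin URL, which may not persist, so an archived copy or a vendor advisory would make the record more durable.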
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46698",
+ "url": "https://www.exploit-db.com/exploits/46698/"
+ },
 {
 "url": "https://www.exploit-db.com/exploits/46698",
 "refsource": "MISC",
diff --git a/2019/11xxx/CVE-2019-11459.json b/2019/11xxx/CVE-2019-11459.json
new file mode 100644
index 00000000000..ae22f144cef
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11459.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11459",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11460.json b/2019/11xxx/CVE-2019-11460.json
new file mode 100644
index 00000000000..e48f865d45b
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11460.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11460",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11461.json b/2019/11xxx/CVE-2019-11461.json
new file mode 100644
index 00000000000..8af0a4f3f6c
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11461.json
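Review bot: The `EXPLOIT-DB` reference added to CVE-2019-11447.json points at the same exploit-db entry (46698) as the existing `MISC` reference immediately below it; the two URLs differ only by a trailing slash. Consumers that de-duplicate references by URL string will keep both and count the source twice, so it would be cleaner to retag the existing entry as `"refsource": "EXPLOIT-DB"` instead of adding a second one, or to normalise both URLs to one form. The `reference_data` array continues outside the hunk, so other duplicates cannot be ruled out from here.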
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-11461",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://gitlab.gnome.org/GNOME/nautilus/issues/987",
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/nautilus/issues/987"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11462.json b/2019/11xxx/CVE-2019-11462.json
new file mode 100644
index 00000000000..7e3452f2475
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11462.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11462",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5427.json b/2019/5xxx/CVE-2019-5427.json
index 6f183a362cb..f939b088191 100644
--- a/2019/5xxx/CVE-2019-5427.json
+++ b/2019/5xxx/CVE-2019-5427.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5427",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5427",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "c3p0",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 0.9.5.4"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XML Entity Expansion (CWE-776)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/509315",
+ "url": "https://hackerone.com/reports/509315"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5428.json b/2019/5xxx/CVE-2019-5428.json
index da232584b05..351153c105e 100644
--- a/2019/5xxx/CVE-2019-5428.json
+++ b/2019/5xxx/CVE-2019-5428.json
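Review bot: `"version_value": "before 0.9.5.4"` in CVE-2019-5427.json puts the comparison operator inside the version string, so a consumer that compares `version_value` against an installed version has to parse free text first. The CVE JSON 4.0 format can carry the operator in its own field, e.g. `"version_affected": "<", "version_value": "0.9.5.4"`; the same applies to `"before 3.4.0"` in CVE-2019-5428.json. `vendor_name` is `"n/a"` in both records even though the product is named, which weakens vendor-keyed lookups. Separately, the c3p0 description says "when loading XML configuration" and then repeats "when loading configuration" at the end; the second clause can be dropped.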
@@ -1,17 +1,71 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5428",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5428",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "jQuery",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 3.4.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/",
+ "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/jquery/jquery/pull/4333",
+ "url": "https://github.com/jquery/jquery/pull/4333"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://hackerone.com/reports/454365",
+ "url": "https://hackerone.com/reports/454365"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A prototype pollution vulnerability exists in jQuery versions < 3.4.0 that allows an attacker to inject properties on Object.prototype."
 }
 ]
 }