diff --git a/2017/1000xxx/CVE-2017-1000408.json b/2017/1000xxx/CVE-2017-1000408.json index 7bbb76d40c3..0a26e150883 100644 --- a/2017/1000xxx/CVE-2017-1000408.json +++ b/2017/1000xxx/CVE-2017-1000408.json @@ -73,6 +73,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1" } ] } diff --git a/2017/7xxx/CVE-2017-7533.json b/2017/7xxx/CVE-2017-7533.json index c1af3f35898..467b74f5e08 100644 --- a/2017/7xxx/CVE-2017-7533.json +++ b/2017/7xxx/CVE-2017-7533.json @@ -141,6 +141,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1" } ] } diff --git a/2018/14xxx/CVE-2018-14722.json b/2018/14xxx/CVE-2018-14722.json index 5ec3db6a05f..bf7b6bd46ac 100644 --- a/2018/14xxx/CVE-2018-14722.json +++ b/2018/14xxx/CVE-2018-14722.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1" } ] } diff --git a/2018/15xxx/CVE-2018-15555.json b/2018/15xxx/CVE-2018-15555.json index 934fb50eb41..d8994d25f65 100644 --- a/2018/15xxx/CVE-2018-15555.json +++ b/2018/15xxx/CVE-2018-15555.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15555", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user \"root\" and password \"admin\" by using the enabled onboard UART headers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "FULLDISC", + "name": "20190611 [CVE-2018-15555 / 15556] Telus Actiontec WEB6000Q Local Privilege Escalation", + "url": "http://seclists.org/fulldisclosure/2019/Jun/1" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/153262/Telus-Actiontec-WEB6000Q-Privilege-Escalation.html" + }, + { + "refsource": "FULLDISC", + "name": "20190609 [CVE-2018-15555 / 15556] Telus Actiontec WEB6000Q Local Privilege Escalation", + "url": "http://seclists.org/fulldisclosure/2019/Jun/1" } ] } diff --git a/2018/18xxx/CVE-2018-18511.json b/2018/18xxx/CVE-2018-18511.json index 88c95198223..477ff8ea329 100644 --- a/2018/18xxx/CVE-2018-18511.json +++ b/2018/18xxx/CVE-2018-18511.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1534", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1664", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" } ] }, diff --git a/2018/20xxx/CVE-2018-20843.json b/2018/20xxx/CVE-2018-20843.json index af41aaca0e8..87255ad920e 100644 --- a/2018/20xxx/CVE-2018-20843.json +++ b/2018/20xxx/CVE-2018-20843.json @@ -86,6 +86,16 @@ "refsource": "UBUNTU", "name": "USN-4040-2", "url": "https://usn.ubuntu.com/4040-2/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4472", + "url": "https://www.debian.org/security/2019/dsa-4472" + }, + { + "refsource": "BUGTRAQ", + "name": "20190628 [SECURITY] [DSA 4472-1] expat security update", + "url": "https://seclists.org/bugtraq/2019/Jun/39" } ] } diff --git a/2018/20xxx/CVE-2018-20845.json b/2018/20xxx/CVE-2018-20845.json index 3aadedfcb26..42c38d6faf8 100644 --- a/2018/20xxx/CVE-2018-20845.json +++ b/2018/20xxx/CVE-2018-20845.json @@ -56,6 +56,11 @@ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf", "refsource": "MISC", "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c5bd64ea146162967c29bd2af0cbb845ba3eaaaf" + }, + { + "refsource": "BID", + "name": "108921", + "url": "http://www.securityfocus.com/bid/108921" } ] } diff --git a/2018/20xxx/CVE-2018-20846.json b/2018/20xxx/CVE-2018-20846.json index 5027d33c32d..b6e8fabbc7b 100644 --- a/2018/20xxx/CVE-2018-20846.json +++ b/2018/20xxx/CVE-2018-20846.json @@ -56,6 +56,11 @@ "url": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc", "refsource": "MISC", "name": "https://github.com/uclouvain/openjpeg/pull/1168/commits/c277159986c80142180fbe5efb256bbf3bdf3edc" + }, + { + "refsource": "BID", + "name": "108921", + "url": "http://www.securityfocus.com/bid/108921" } ] } diff --git a/2018/20xxx/CVE-2018-20847.json b/2018/20xxx/CVE-2018-20847.json index 91acfc42b5c..b9c0abd09ff 100644 --- a/2018/20xxx/CVE-2018-20847.json +++ b/2018/20xxx/CVE-2018-20847.json @@ -66,6 +66,11 @@ "url": "https://github.com/uclouvain/openjpeg/issues/431", "refsource": "MISC", "name": "https://github.com/uclouvain/openjpeg/issues/431" + }, + { + "refsource": "BID", + "name": "108921", + "url": "http://www.securityfocus.com/bid/108921" } ] } diff --git a/2018/5xxx/CVE-2018-5686.json b/2018/5xxx/CVE-2018-5686.json index 7e10323cede..3bc89b7d53c 100644 --- a/2018/5xxx/CVE-2018-5686.json +++ b/2018/5xxx/CVE-2018-5686.json @@ -66,6 +66,11 @@ "name": "DSA-4334", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4334" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190628 [SECURITY] [DLA 1838-1] mupdf security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html" } ] } diff --git a/2018/6xxx/CVE-2018-6192.json b/2018/6xxx/CVE-2018-6192.json index ad675f3aaab..e6215fa2fd8 100644 --- a/2018/6xxx/CVE-2018-6192.json +++ b/2018/6xxx/CVE-2018-6192.json @@ -71,6 +71,11 @@ "name": "102822", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102822" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190628 [SECURITY] [DLA 1838-1] mupdf security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html" } ] } diff --git a/2019/13xxx/CVE-2019-13012.json b/2019/13xxx/CVE-2019-13012.json new file mode 100644 index 00000000000..698a51a5879 --- /dev/null +++ b/2019/13xxx/CVE-2019-13012.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/glib/issues/1658", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/glib/issues/1658" + }, + { + "url": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/glib/merge_requests/450" + }, + { + "url": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3459.json b/2019/3xxx/CVE-2019-3459.json index 56e2a2e02e8..ce2ed10fe47 100644 --- a/2019/3xxx/CVE-2019-3459.json +++ b/2019/3xxx/CVE-2019-3459.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1" } ] }, diff --git a/2019/3xxx/CVE-2019-3460.json b/2019/3xxx/CVE-2019-3460.json index 49b7b87b4d3..cf583b8e80b 100644 --- a/2019/3xxx/CVE-2019-3460.json +++ b/2019/3xxx/CVE-2019-3460.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", + "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1" } ] }, diff --git a/2019/5xxx/CVE-2019-5798.json b/2019/5xxx/CVE-2019-5798.json index 40fd3a492a0..76ee889345f 100644 --- a/2019/5xxx/CVE-2019-5798.json +++ b/2019/5xxx/CVE-2019-5798.json @@ -98,6 +98,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1534", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1664", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" } ] }, diff --git a/2019/6xxx/CVE-2019-6130.json b/2019/6xxx/CVE-2019-6130.json index d54bfb7b63a..81c1193dcfc 100644 --- a/2019/6xxx/CVE-2019-6130.json +++ b/2019/6xxx/CVE-2019-6130.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-15af6a9a07", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CNJNEX5EW6YH5OARXXSSXW4HHC5PIBSY/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190628 [SECURITY] [DLA 1838-1] mupdf security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00027.html" } ] } diff --git a/2019/7xxx/CVE-2019-7317.json b/2019/7xxx/CVE-2019-7317.json index 4ec955a0b7f..d7ee4535a1b 100644 --- a/2019/7xxx/CVE-2019-7317.json +++ b/2019/7xxx/CVE-2019-7317.json @@ -171,6 +171,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1534", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1664", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" } ] } diff --git a/2019/9xxx/CVE-2019-9797.json b/2019/9xxx/CVE-2019-9797.json index a29b672ec7b..3bb3664a8a8 100644 --- a/2019/9xxx/CVE-2019-9797.json +++ b/2019/9xxx/CVE-2019-9797.json @@ -91,6 +91,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1534", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1664", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00084.html" } ] },