diff --git a/2018/1000xxx/CVE-2018-1000656.json b/2018/1000xxx/CVE-2018-1000656.json
index 95dd0a93261..8679be3ad04 100644
--- a/2018/1000xxx/CVE-2018-1000656.json
+++ b/2018/1000xxx/CVE-2018-1000656.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3."
+ "value": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083."
 }
 ]
 },
diff --git a/2019/1010xxx/CVE-2019-1010083.json b/2019/1010xxx/CVE-2019-1010083.json
index ba02bb1d342..83348e7fe55 100644
--- a/2019/1010xxx/CVE-2019-1010083.json
+++ b/2019/1010xxx/CVE-2019-1010083.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1."
+ "value": "The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656."
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15538.json b/2019/15xxx/CVE-2019-15538.json
new file mode 100644
index 00000000000..33435c4de46
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15538.json
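Review bot: The two cross-referenced records still disagree on the fixed release, and the added NOTE text does not say which one to trust. The CVE-2018-1000656 value states the fix is in 0.12.3, while the CVE-2019-1010083 value says "before 1.0" and still ends its version sentence with `The fixed version is: 1.`, which reads like a truncated `1.0`. A consumer matching on CVE-2019-1010083 alone would presumably flag a 0.12.3 install as affected. If both entries describe the same flaw, consider `The fixed version is: 1.0.` in the second value and have the NOTE state whether 0.12.3 also carries the fix.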
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15538",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/",
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/linux-xfs/20190823035528.GH1037422@magnolia/"
+ },
+ {
+ "url": "https://lore.kernel.org/linux-xfs/20190823192433.GA8736@eldamar.local",
+ "refsource": "MISC",
+ "name": "https://lore.kernel.org/linux-xfs/20190823192433.GA8736@eldamar.local"
+ },
+ {
+ "url": "https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee",
+ "refsource": "MISC",
+ "name": "https://github.com/torvalds/linux/commit/1fb254aa983bf190cfd685d40c64a480a9bafaee"
+ },
+ {
+ "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee",
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1fb254aa983bf190cfd685d40c64a480a9bafaee"
+ }
+ ]
+ }
+}
\ No newline at end of file
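Review bot: The `affects` block of the new CVE-2019-15538 record is entirely `n/a` even though the description names the product and range (Linux kernel through 5.2.9), so tooling that matches on `product_name` / `version_value` cannot tie this record to the kernel. If the assigner's conventions allow it, populate them from the description, for example `"product_name": "Linux kernel"` and `"version_value": "through 5.2.9"` (suggested values, to be confirmed). `problemtype` is likewise `n/a`; the described failure to release the ILOCK on the error path looks like an improper-locking weakness, and CWE-667 seems the closest fit, though that should be checked. The description also notes remote reachability when the filesystem is exported over NFS, so triage based on this record should not treat it as local-only.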