From d0ae85f5a12482634de49c344a009875bf6cef33 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 21 Jan 2020 18:01:14 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2015/1xxx/CVE-2015-1861.json | 14 +++---- 2015/2xxx/CVE-2015-2784.json | 53 ++++++++++++++++++++++++- 2019/14xxx/CVE-2019-14902.json | 9 +++-- 2019/14xxx/CVE-2019-14907.json | 7 +++- 2019/17xxx/CVE-2019-17361.json | 2 +- 2019/18xxx/CVE-2019-18932.json | 72 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19344.json | 9 +++-- 2020/5xxx/CVE-2020-5202.json | 61 +++++++++++++++++++++++++--- 8 files changed, 203 insertions(+), 24 deletions(-) create mode 100644 2019/18xxx/CVE-2019-18932.json diff --git a/2015/1xxx/CVE-2015-1861.json b/2015/1xxx/CVE-2015-1861.json index cba6cd0252a..381f40ee519 100644 --- a/2015/1xxx/CVE-2015-1861.json +++ b/2015/1xxx/CVE-2015-1861.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1861", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1861", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2015/2xxx/CVE-2015-2784.json b/2015/2xxx/CVE-2015-2784.json index 038e4089396..323313a4d1e 100644 --- a/2015/2xxx/CVE-2015-2784.json +++ b/2015/2xxx/CVE-2015-2784.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2784", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579", + "url": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md", + "url": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md" } ] } diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json index cd01bc78835..a05ebbe9eb1 100644 --- a/2019/14xxx/CVE-2019-14902.json +++ b/2019/14xxx/CVE-2019-14902.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14902", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -50,7 +51,9 @@ "references": { "reference_data": [ { - "url": "https://www.samba.org/samba/security/CVE-2019-14902.html" + "url": "https://www.samba.org/samba/security/CVE-2019-14902.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-14902.html" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", @@ -77,4 +80,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json index 825332772d2..8aa3d1a7886 100644 --- a/2019/14xxx/CVE-2019-14907.json +++ b/2019/14xxx/CVE-2019-14907.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14907", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -55,7 +56,9 @@ "refsource": "CONFIRM" }, { - "url": "https://www.samba.org/samba/security/CVE-2019-14907.html" + "url": "https://www.samba.org/samba/security/CVE-2019-14907.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-14907.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17361.json b/2019/17xxx/CVE-2019-17361.json index fd43bfa286d..08f1f5ab767 100644 --- a/2019/17xxx/CVE-2019-17361.json +++ b/2019/17xxx/CVE-2019-17361.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host." + "value": "In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host." } ] }, diff --git a/2019/18xxx/CVE-2019-18932.json b/2019/18xxx/CVE-2019-18932.json new file mode 100644 index 00000000000..4d6c39954eb --- /dev/null +++ b/2019/18xxx/CVE-2019-18932.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150554", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1150554" + }, + { + "url": "https://sourceforge.net/projects/sarg/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/sarg/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/01/20/6", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/6" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json index 03ff524dfbf..143dcd5d47f 100644 --- a/2019/19xxx/CVE-2019-19344.json +++ b/2019/19xxx/CVE-2019-19344.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19344", - "ASSIGNER": "mrehak@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -55,7 +56,9 @@ "refsource": "CONFIRM" }, { - "url": "https://www.samba.org/samba/security/CVE-2019-19344.html" + "url": "https://www.samba.org/samba/security/CVE-2019-19344.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-19344.html" } ] }, @@ -77,4 +80,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5202.json b/2020/5xxx/CVE-2020-5202.json index 661af045ba4..c8874aee633 100644 --- a/2020/5xxx/CVE-2020-5202.json +++ b/2020/5xxx/CVE-2020-5202.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5202", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5202", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2020-5202", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2020-5202" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/01/20/4", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/4" } ] }