From d0df0aee8b8248b971b6fb8d18ccbb206addf8d5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 29 Aug 2019 22:00:55 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2018/15xxx/CVE-2018-15510.json | 48 ++++++++++++++++++++-
2018/15xxx/CVE-2018-15511.json | 48 ++++++++++++++++++++-
2018/15xxx/CVE-2018-15512.json | 48 ++++++++++++++++++++-
2018/15xxx/CVE-2018-15513.json | 48 ++++++++++++++++++++-
2019/1xxx/CVE-2019-1966.json | 4 +-
2019/1xxx/CVE-2019-1967.json | 4 +-
2019/1xxx/CVE-2019-1968.json | 4 +-
2019/1xxx/CVE-2019-1969.json | 4 +-
2019/1xxx/CVE-2019-1977.json | 4 +-
2019/5xxx/CVE-2019-5608.json | 64 ++++++++++++++++++++++++---
2019/5xxx/CVE-2019-5609.json | 64 ++++++++++++++++++++++++---
2019/5xxx/CVE-2019-5610.json | 79 +++++++++++++++++++++++++++++++---
2019/5xxx/CVE-2019-5611.json | 79 +++++++++++++++++++++++++++++++---
2019/6xxx/CVE-2019-6113.json | 48 ++++++++++++++++++++-
14 files changed, 498 insertions(+), 48 deletions(-)
diff --git a/2018/15xxx/CVE-2018-15510.json b/2018/15xxx/CVE-2018-15510.json
index 2a7567eb94d..85c78486425 100644
--- a/2018/15xxx/CVE-2018-15510.json
+++ b/2018/15xxx/CVE-2018-15510.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-15510",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
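Review bot: The added `affects` block sets `product_name`, `version_value` and `vendor_name` to `n/a` even though the description added in the next hunk names the product and build (totemomail 6.0.0 build 570), so tooling that matches on `affects` rather than on free text will not associate this record with any product. Consider `"product_name": "totemomail"` and `"version_value": "6.0.0 build 570"`, and a `problemtype` value that names the weakness (the description says cross-site scripting, i.e. CWE-79) instead of `n/a`. The same `n/a` placeholders appear in the CVE-2018-15511, CVE-2018-15512, CVE-2018-15513 and CVE-2019-6113 sections.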
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.contextis.com/en/resources/advisories/cve-2018-15510",
+ "url": "https://www.contextis.com/en/resources/advisories/cve-2018-15510"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15511.json b/2018/15xxx/CVE-2018-15511.json
index eb7b759475d..3c2fe0da9c4 100644
--- a/2018/15xxx/CVE-2018-15511.json
+++ b/2018/15xxx/CVE-2018-15511.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-15511",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.contextis.com/en/resources/advisories/cve-2018-15511",
+ "url": "https://www.contextis.com/en/resources/advisories/cve-2018-15511"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15512.json b/2018/15xxx/CVE-2018-15512.json
index b76e16c6fa8..057991d0771 100644
--- a/2018/15xxx/CVE-2018-15512.json
+++ b/2018/15xxx/CVE-2018-15512.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-15512",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.contextis.com/en/resources/advisories/cve-2018-15512",
+ "url": "https://www.contextis.com/en/resources/advisories/cve-2018-15512"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15513.json b/2018/15xxx/CVE-2018-15513.json
index 3c84adb5c73..b0c8f8826c3 100644
--- a/2018/15xxx/CVE-2018-15513.json
+++ b/2018/15xxx/CVE-2018-15513.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-15513",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.contextis.com/en/resources/advisories/cve-2018-15513",
+ "url": "https://www.contextis.com/en/resources/advisories/cve-2018-15513"
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1966.json b/2019/1xxx/CVE-2019-1966.json
index a907f88ac18..3dbcad56f68 100644
--- a/2019/1xxx/CVE-2019-1966.json
+++ b/2019/1xxx/CVE-2019-1966.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device. "
+ "value": "A vulnerability in a specific CLI command within the local management (local-mgmt) context for Cisco UCS Fabric Interconnect Software could allow an authenticated, local attacker to gain elevated privileges as the root user on an affected device. The vulnerability is due to extraneous subcommand options present for a specific CLI command within the local-mgmt context. An attacker could exploit this vulnerability by authenticating to an affected device, entering the local-mgmt context, and issuing a specific CLI command and submitting user input. A successful exploit could allow the attacker to execute arbitrary operating system commands as root on an affected device. The attacker would need to have valid user credentials for the device."
 }
 ]
 },
@@ -85,4 +85,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1967.json b/2019/1xxx/CVE-2019-1967.json
index 11735effdc7..2e4cfeb2e78 100644
--- a/2019/1xxx/CVE-2019-1967.json
+++ b/2019/1xxx/CVE-2019-1967.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default. "
+ "value": "A vulnerability in the Network Time Protocol (NTP) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to excessive use of system resources when the affected device is logging a drop action for received MODE_PRIVATE (Mode 7) NTP packets. An attacker could exploit this vulnerability by flooding the device with a steady stream of Mode 7 NTP packets. A successful exploit could allow the attacker to cause high CPU and memory usage on the affected device, which could cause internal system processes to restart or cause the affected device to unexpectedly reload. Note: The NTP feature is enabled by default."
 }
 ]
 },
@@ -87,4 +87,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1968.json b/2019/1xxx/CVE-2019-1968.json
index 5986b8a277a..97c7858961f 100644
--- a/2019/1xxx/CVE-2019-1968.json
+++ b/2019/1xxx/CVE-2019-1968.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default. "
+ "value": "A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart. The vulnerability is due to incorrect validation of the HTTP header of a request that is sent to the NX-API. An attacker could exploit this vulnerability by sending a crafted HTTP request to the NX-API on an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition in the NX-API service; however, the NX-OS device itself would still be available and passing network traffic. Note: The NX-API feature is disabled by default."
 }
 ]
 },
@@ -86,4 +86,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1969.json b/2019/1xxx/CVE-2019-1969.json
index a4ec4004a59..0c7d940ebed 100644
--- a/2019/1xxx/CVE-2019-1969.json
+++ b/2019/1xxx/CVE-2019-1969.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name. "
+ "value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) Access Control List (ACL) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic. The vulnerability is due to an incorrect length check when the configured ACL name is the maximum length, which is 32 ASCII characters. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP polling that should have been denied. The attacker has no control of the configuration of the SNMP ACL name."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1977.json b/2019/1xxx/CVE-2019-1977.json
index a1fed71606d..c3124fb58c4 100644
--- a/2019/1xxx/CVE-2019-1977.json
+++ b/2019/1xxx/CVE-2019-1977.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism. "
+ "value": "A vulnerability within the Endpoint Learning feature of Cisco Nexus 9000 Series Switches running in Application Centric Infrastructure (ACI) mode could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an endpoint device in certain circumstances. The vulnerability is due to improper endpoint learning when packets are received on a specific port from outside the ACI fabric and destined to an endpoint located on a border leaf when Disable Remote Endpoint Learning has been enabled. This can result in a Remote (XR) entry being created for the impacted endpoint that will become stale if the endpoint migrates to a different port or leaf switch. This results in traffic not reaching the impacted endpoint until the Remote entry can be relearned by another mechanism."
 }
 ]
 },
@@ -84,4 +84,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5608.json b/2019/5xxx/CVE-2019-5608.json
index b46d51aedf8..5790a413f10 100644
--- a/2019/5xxx/CVE-2019-5608.json
+++ b/2019/5xxx/CVE-2019-5608.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5608",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5608",
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.0-RELEASE-p9"
+ },
+ {
+ "version_value": "before 11.3-RELEASE-p2"
+ },
+ {
+ "version_value": "and before 11.2-RELEASE-p13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 12.0-STABLE before r350648, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350650, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the ICMPv6 input path incorrectly handles cases where an MLDv2 listener query packet is internally fragmented across multiple mbufs. A remote attacker may be able to cause an out-of-bounds read or write that may cause the kernel to attempt to access an unmapped page and subsequently panic."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5609.json b/2019/5xxx/CVE-2019-5609.json
index a5323fd141f..392f8cb3a26 100644
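Review bot: The `version_data` entries in the added `affects` block are sentence fragments rather than version ranges: `"and before 11.2-RELEASE-p13"` carries a leading conjunction and none of the three names its branch, which makes them hard to parse or compare mechanically. The form used in the CVE-2019-5610 section, e.g. `"version_value": "11.2-RELEASE before 11.2-RELEASE-p13"`, would be consistent, and `vendor_name` could be `FreeBSD` rather than `n/a` given that `product_name` is `FreeBSD`. The `problemtype` value `Out of bounds read` is also narrower than the description, which says out-of-bounds read or write. The CVE-2019-5609 section has the same three `version_value` strings.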
--- a/2019/5xxx/CVE-2019-5609.json
+++ b/2019/5xxx/CVE-2019-5609.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5609",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5609",
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 12.0-RELEASE-p9"
+ },
+ {
+ "version_value": "before 11.3-RELEASE-p2"
+ },
+ {
+ "version_value": "and before 11.2-RELEASE-p13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper input validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:21.bhyve.asc"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 12.0-STABLE before r350619, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350619, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bhyve e1000 device emulation used a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. A misbehaving bhyve guest could overwrite memory in the bhyve process on the host."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5610.json b/2019/5xxx/CVE-2019-5610.json
index f15efa7ede4..fef0917c097 100644
--- a/2019/5xxx/CVE-2019-5610.json
+++ b/2019/5xxx/CVE-2019-5610.json
@@ -1,17 +1,82 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5610",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5610",
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.0-RELEASE before 12.0-RELEASE-p9"
+ },
+ {
+ "version_value": "11.3-RELEASE before 11.3-RELEASE-p2"
+ },
+ {
+ "version_value": "11.2-RELEASE before 11.2-RELEASE-p13"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "FREEBSD",
+ "name": "FreeBSD-SA-19:20",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:20.bsnmp",
+ "url": "https://seclists.org/bugtraq/2019/Aug/6"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html",
+ "url": "http://packetstormsecurity.com/files/153959/FreeBSD-Security-Advisory-FreeBSD-SA-19-20.bsnmp.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:20.bsnmp.asc"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 12.0-STABLE before r350637, 12.0-RELEASE before 12.0-RELEASE-p9, 11.3-STABLE before r350638, 11.3-RELEASE before 11.3-RELEASE-p2, and 11.2-RELEASE before 11.2-RELEASE-p13, the bsnmp library is not properly validating the submitted length from a type-length-value encoding. A remote user could cause an out-of-bounds read or trigger a crash of the software such as bsnmpd resulting in a denial of service."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5611.json b/2019/5xxx/CVE-2019-5611.json
index dc78843d83a..438236f4f93 100644
--- a/2019/5xxx/CVE-2019-5611.json
+++ b/2019/5xxx/CVE-2019-5611.json
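Review bot: The added `version_data` lists only the three -RELEASE branches, while the description in the same hunk also names 12.0-STABLE before r350637 and 11.3-STABLE before r350638 as affected, so a consumer that matches hosts on `affects` will not flag systems tracking -STABLE. Adding entries such as `"version_value": "12.0-STABLE before r350637"` would keep the structured data in line with the text. The `FREEBSD` and `CONFIRM` references also carry the same `url`, which looks redundant. The CVE-2019-5611 section follows the same pattern, and the CVE-2019-5608 and CVE-2019-5609 sections likewise omit the -STABLE branches their descriptions name.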
@@ -1,17 +1,82 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5611",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5611",
+ "ASSIGNER": "secteam@freebsd.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FreeBSD",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "12.0-RELEASE before 12.0-RELEASE-p10"
+ },
+ {
+ "version_value": "11.3-RELEASE before 11.3-RELEASE-p3"
+ },
+ {
+ "version_value": "11.2-RELEASE before 11.2-RELEASE-p14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Improper check for unusual conditions"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "FREEBSD",
+ "name": "FreeBSD-SA-19:22",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190821 FreeBSD Security Advisory FreeBSD-SA-19:22.mbuf",
+ "url": "https://seclists.org/bugtraq/2019/Aug/33"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html",
+ "url": "http://packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc",
+ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6113.json b/2019/6xxx/CVE-2019-6113.json
index 3452103898a..46532bf686c 100644
--- a/2019/6xxx/CVE-2019-6113.json
+++ b/2019/6xxx/CVE-2019-6113.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-6113",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-0010 A/V Receiver devices allows remote attackers to read arbitrary files via a .. (dot dot) and %2f to the default URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.contextis.com/en/resources/advisories/cve-2019-6113",
+ "url": "https://www.contextis.com/en/resources/advisories/cve-2019-6113"
 }
 ]
 }