diff --git a/2018/19xxx/CVE-2018-19592.json b/2018/19xxx/CVE-2018-19592.json index 2bfcc3a39ed..c8a69dfdf19 100644 --- a/2018/19xxx/CVE-2018-19592.json +++ b/2018/19xxx/CVE-2018-19592.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19592", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The \"CLink4Service\" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://forum.corsair.com/v3/showthread.php?t=155646", + "url": "http://forum.corsair.com/v3/showthread.php?t=155646" + }, + { + "refsource": "MISC", + "name": "https://github.com/BradyDonovan/CVE-2018-19592/blob/master/CLink4Service", + "url": "https://github.com/BradyDonovan/CVE-2018-19592/blob/master/CLink4Service" } ] } diff --git a/2019/14xxx/CVE-2019-14835.json b/2019/14xxx/CVE-2019-14835.json index e68778b1c95..3aa6e75b7e3 100644 --- a/2019/14xxx/CVE-2019-14835.json +++ b/2019/14xxx/CVE-2019-14835.json @@ -178,6 +178,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2899", "url": "https://access.redhat.com/errata/RHSA-2019:2899" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2924", + "url": "https://access.redhat.com/errata/RHSA-2019:2924" } ] }, diff --git a/2019/16xxx/CVE-2019-16922.json b/2019/16xxx/CVE-2019-16922.json new file mode 100644 index 00000000000..4b69842a530 --- /dev/null +++ b/2019/16xxx/CVE-2019-16922.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SuiteCRM 7.10.x before 7.10.20 and 7.11.x before 7.11.8 allows unintended public exposure of files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8", + "refsource": "MISC", + "name": "https://docs.suitecrm.com/admin/releases/7.11.x/#_7_11_8" + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3855.json b/2019/3xxx/CVE-2019-3855.json index fa6de288e20..31110600e35 100644 --- a/2019/3xxx/CVE-2019-3855.json +++ b/2019/3xxx/CVE-2019-3855.json @@ -171,6 +171,11 @@ "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT210609", "url": "https://support.apple.com/kb/HT210609" + }, + { + "refsource": "BUGTRAQ", + "name": "20190927 APPLE-SA-2019-9-26-7 Xcode 11.0", + "url": "https://seclists.org/bugtraq/2019/Sep/49" } ] }, diff --git a/2019/8xxx/CVE-2019-8072.json b/2019/8xxx/CVE-2019-8072.json index 206702b871f..854e4fada88 100644 --- a/2019/8xxx/CVE-2019-8072.json +++ b/2019/8xxx/CVE-2019-8072.json @@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8072", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8072", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Cold Fusion", + "version": { + "version_data": [ + { + "version_value": "ColdFusion 2018- update 4 and earlier" + }, + { + "version_value": "ColdFusion 2016- update 11 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Security bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user." } ] } diff --git a/2019/8xxx/CVE-2019-8073.json b/2019/8xxx/CVE-2019-8073.json index f08094e3226..e121dc8cf57 100644 --- a/2019/8xxx/CVE-2019-8073.json +++ b/2019/8xxx/CVE-2019-8073.json @@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8073", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8073", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Cold Fusion", + "version": { + "version_data": [ + { + "version_value": "ColdFusion 2018- update 4 and earlier" + }, + { + "version_value": "ColdFusion 2016- update 11 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection via Vulnerable component" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Command Injection via Vulnerable component vulnerability. Successful exploitation could lead to Arbitrary code execution in the context of the current user." } ] } diff --git a/2019/8xxx/CVE-2019-8074.json b/2019/8xxx/CVE-2019-8074.json index 8c559a72645..f68341a146c 100644 --- a/2019/8xxx/CVE-2019-8074.json +++ b/2019/8xxx/CVE-2019-8074.json @@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8074", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8074", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Cold Fusion", + "version": { + "version_data": [ + { + "version_value": "ColdFusion 2018- update 4 and earlier" + }, + { + "version_value": "ColdFusion 2016- update 11 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Traversal Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb19-47.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ColdFusion 2018- update 4 and earlier and ColdFusion 2016- update 11 and earlier have a Path Traversal vulnerability. Successful exploitation could lead to Access Control Bypass in the context of the current user." } ] } diff --git a/2019/8xxx/CVE-2019-8075.json b/2019/8xxx/CVE-2019-8075.json index 73d7fca10f3..7200d207464 100644 --- a/2019/8xxx/CVE-2019-8075.json +++ b/2019/8xxx/CVE-2019-8075.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8075", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8075", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Flash Player", + "version": { + "version_data": [ + { + "version_value": "32.0.0.192 and earlier versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Same Origin Policy Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb19-30.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user." } ] } diff --git a/2019/9xxx/CVE-2019-9853.json b/2019/9xxx/CVE-2019-9853.json index d8216aac027..e97951abfbc 100644 --- a/2019/9xxx/CVE-2019-9853.json +++ b/2019/9xxx/CVE-2019-9853.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@documentfoundation.org", + "DATE_PUBLIC": "2019-09-27T00:00:00.000Z", "ID": "CVE-2019-9853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insufficient URL decoding flaw in categorizing macro location" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LibreOffice", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "6.2 series", + "version_value": "6.2.7" + }, + { + "version_affected": "<", + "version_name": "6.3 series", + "version_value": "6.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Document Foundation" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Nils Emmerich of ERNW Research GmbH for discovering and reporting this issue" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LibreOffice documents can contain macros. The execution of those macros is controlled by the document security settings, typically execution of macros are blocked by default. A URL decoding flaw existed in how the urls to the macros within the document were processed and categorized, resulting in the possibility to construct a document where macro execution bypassed the security settings. The documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings allowing arbitrary macro execution This issue affects: LibreOffice 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior to 6.3.1." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.8" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-116 Improper Encoding or Escaping of Output" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/", + "url": "https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file