From d1b97bba4ab4d7de53b39189037b83cb3d693066 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 8 Jul 2019 18:00:55 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/15xxx/CVE-2018-15664.json | 5 +++ 2019/10xxx/CVE-2019-10973.json | 55 ++++++++++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11811.json | 5 +++ 2019/2xxx/CVE-2019-2104.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2105.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2106.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2107.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2109.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2111.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2112.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2113.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2116.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2117.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2118.json | 58 ++++++++++++++++++++++++++++++---- 2019/2xxx/CVE-2019-2119.json | 58 ++++++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5736.json | 5 +++ 16 files changed, 679 insertions(+), 87 deletions(-) diff --git a/2018/15xxx/CVE-2018-15664.json b/2018/15xxx/CVE-2018-15664.json index d7ee8911c2d..2807d45388b 100644 --- a/2018/15xxx/CVE-2018-15664.json +++ b/2018/15xxx/CVE-2018-15664.json @@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1621", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4048-1", + "url": "https://usn.ubuntu.com/4048-1/" } ] } diff --git a/2019/10xxx/CVE-2019-10973.json b/2019/10xxx/CVE-2019-10973.json index a0c257db2a7..4c337bd861e 100644 --- a/2019/10xxx/CVE-2019-10973.json +++ b/2019/10xxx/CVE-2019-10973.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10973", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Quest KACE", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 8.0.x, 8.1.x, and 9.0.x" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "109001", + "url": "http://www.securityfocus.com/bid/109001" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-183-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-183-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Quest KACE, all versions prior to version 8.0.x, 8.1.x, and 9.0.x, allows unintentional access to the appliance leveraging functions of the troubleshooting tools located in the administrator user interface." } ] } diff --git a/2019/11xxx/CVE-2019-11811.json b/2019/11xxx/CVE-2019-11811.json index b9cb279bac6..79c74146d24 100644 --- a/2019/11xxx/CVE-2019-11811.json +++ b/2019/11xxx/CVE-2019-11811.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1479", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K01512680", + "url": "https://support.f5.com/csp/article/K01512680" } ] } diff --git a/2019/2xxx/CVE-2019-2104.json b/2019/2xxx/CVE-2019-2104.json index 04c31b9f778..b6974b6d352 100644 --- a/2019/2xxx/CVE-2019-2104.json +++ b/2019/2xxx/CVE-2019-2104.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2104", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2104", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In HIDL, safe_union, and other C++ structs/unions being sent to application processes, there are uninitialized fields. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131356202" } ] } diff --git a/2019/2xxx/CVE-2019-2105.json b/2019/2xxx/CVE-2019-2105.json index 9d1980014ae..018a595f815 100644 --- a/2019/2xxx/CVE-2019-2105.json +++ b/2019/2xxx/CVE-2019-2105.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2105", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2105", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182." } ] } diff --git a/2019/2xxx/CVE-2019-2106.json b/2019/2xxx/CVE-2019-2106.json index 720aaedf312..35027c84d50 100644 --- a/2019/2xxx/CVE-2019-2106.json +++ b/2019/2xxx/CVE-2019-2106.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2106", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2106", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130023983." } ] } diff --git a/2019/2xxx/CVE-2019-2107.json b/2019/2xxx/CVE-2019-2107.json index c566b682b30..60ddb687490 100644 --- a/2019/2xxx/CVE-2019-2107.json +++ b/2019/2xxx/CVE-2019-2107.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2107", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2107", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844." } ] } diff --git a/2019/2xxx/CVE-2019-2109.json b/2019/2xxx/CVE-2019-2109.json index ea6cd369fe1..8c4c664f8fd 100644 --- a/2019/2xxx/CVE-2019-2109.json +++ b/2019/2xxx/CVE-2019-2109.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2109", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2109", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570." } ] } diff --git a/2019/2xxx/CVE-2019-2111.json b/2019/2xxx/CVE-2019-2111.json index 526478678cc..f7d2c2f62d8 100644 --- a/2019/2xxx/CVE-2019-2111.json +++ b/2019/2xxx/CVE-2019-2111.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2111", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2111", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122856181." } ] } diff --git a/2019/2xxx/CVE-2019-2112.json b/2019/2xxx/CVE-2019-2112.json index 930b8d0ce8d..b8277dccb02 100644 --- a/2019/2xxx/CVE-2019-2112.json +++ b/2019/2xxx/CVE-2019-2112.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2112", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2112", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-117997080." } ] } diff --git a/2019/2xxx/CVE-2019-2113.json b/2019/2xxx/CVE-2019-2113.json index f097acbf4aa..8c23b11f5ec 100644 --- a/2019/2xxx/CVE-2019-2113.json +++ b/2019/2xxx/CVE-2019-2113.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2113", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2113", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079." } ] } diff --git a/2019/2xxx/CVE-2019-2116.json b/2019/2xxx/CVE-2019-2116.json index 83d9ac3d402..4cb2828a31b 100644 --- a/2019/2xxx/CVE-2019-2116.json +++ b/2019/2xxx/CVE-2019-2116.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2116", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2116", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117105007." } ] } diff --git a/2019/2xxx/CVE-2019-2117.json b/2019/2xxx/CVE-2019-2117.json index 2360f417090..644aa046fdb 100644 --- a/2019/2xxx/CVE-2019-2117.json +++ b/2019/2xxx/CVE-2019-2117.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2117", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2117", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124107808." } ] } diff --git a/2019/2xxx/CVE-2019-2118.json b/2019/2xxx/CVE-2019-2118.json index 9f901373fa0..9241f792092 100644 --- a/2019/2xxx/CVE-2019-2118.json +++ b/2019/2xxx/CVE-2019-2118.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2118", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2118", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-130161842." } ] } diff --git a/2019/2xxx/CVE-2019-2119.json b/2019/2xxx/CVE-2019-2119.json index b2524ff6990..fcdd479947a 100644 --- a/2019/2xxx/CVE-2019-2119.json +++ b/2019/2xxx/CVE-2019-2119.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2119", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-2119", + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://source.android.com/security/bulletin/2019-07-01", + "url": "https://source.android.com/security/bulletin/2019-07-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-131622568." } ] } diff --git a/2019/5xxx/CVE-2019-5736.json b/2019/5xxx/CVE-2019-5736.json index df799b923aa..424dd4db103 100644 --- a/2019/5xxx/CVE-2019-5736.json +++ b/2019/5xxx/CVE-2019-5736.json @@ -301,6 +301,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" + }, + { + "refsource": "UBUNTU", + "name": "USN-4048-1", + "url": "https://usn.ubuntu.com/4048-1/" } ] }