diff --git a/2017/16xxx/CVE-2017-16253.json b/2017/16xxx/CVE-2017-16253.json
index 9aecf4bafdb..677e5c6bd14 100644
--- a/2017/16xxx/CVE-2017-16253.json
+++ b/2017/16xxx/CVE-2017-16253.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-16253",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-16253",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Insteon",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Insteon Hub 2245-222 - Firmware version 1012"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012 for the cc channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request At 0x9d014dd8 the value for the id key is copied using strcpy to the buffer at $sp+0x290. This buffer is 32 bytes large, sending anything longer will cause a buffer overflow."
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16254.json b/2017/16xxx/CVE-2017-16254.json
index f7f9b086ac7..6ea10ba174d 100644
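Review bot: The new `description` value in CVE-2017-16253 is two fragments spliced together and does not read as a complete statement: "An attacker can send an authenticated HTTP request" runs straight into "At 0x9d014dd8 the value for the id key is copied…" with no terminator, and the first sentence names the product and firmware version twice. The same run-on appears in the CVE-2017-16254 and CVE-2017-16255 hunks; the latter also has a doubled "at At" and stops at "This buffer is 16 bytes large." without stating what happens for longer input. Anyone triaging from this field gets an ambiguous trigger condition, so I would close the sentence, e.g. `An attacker can send an authenticated HTTP request to trigger this vulnerability. At 0x9d014dd8 …`, after checking the wording against the referenced TALOS-2017-0483 report. In all three records `vendor_name` is `n/a` while `product_name` is `Insteon`, which defeats vendor-keyed matching; `"vendor_name": "Insteon"` with the hub model as the product would be more useful.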
--- a/2017/16xxx/CVE-2017-16254.json
+++ b/2017/16xxx/CVE-2017-16254.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-16254",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-16254",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Insteon",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Insteon Hub 2245-222 - Firmware version 1012"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at 0x9d014e4c the value for the flg key is copied using strcpy to the buffer at $sp+0x270. This buffer is 16 bytes large, sending anything longer will cause a buffer overflow."
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16255.json b/2017/16xxx/CVE-2017-16255.json
index 8f55ace60f0..0f1ceea9c86 100644
--- a/2017/16xxx/CVE-2017-16255.json
+++ b/2017/16xxx/CVE-2017-16255.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-16255",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-16255",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Insteon",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Insteon Hub 2245-222 - Firmware version 1012"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "buffer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0483"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable buffer overflow vulnerability exists in the PubNub message handler Insteon Hub 2245-222 - Firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can send an authenticated HTTP request at At 0x9d014e84 the value for the cmd1 key is copied using strcpy to the buffer at $sp+0x280. This buffer is 16 bytes large."
 }
 ]
 }
diff --git a/2017/18xxx/CVE-2017-18342.json b/2017/18xxx/CVE-2017-18342.json
index 2839d6cd41c..3dca05840ba 100644
--- a/2017/18xxx/CVE-2017-18342.json
+++ b/2017/18xxx/CVE-2017-18342.json
@@ -61,6 +61,11 @@
 "name": "https://github.com/yaml/pyyaml/blob/master/CHANGES",
 "refsource": "MISC",
 "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-bed9afe622",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json
index a9ded42ed89..22e339700fe 100644
--- a/2018/17xxx/CVE-2018-17189.json
+++ b/2018/17xxx/CVE-2018-17189.json
@@ -67,6 +67,11 @@
 "name": "https://security.netapp.com/advisory/ntap-20190125-0001/",
 "refsource": "CONFIRM",
 "url": "https://security.netapp.com/advisory/ntap-20190125-0001/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-0300c36537",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3968.json b/2018/3xxx/CVE-2018-3968.json
index b4b87e0b897..65b31b01726 100644
--- a/2018/3xxx/CVE-2018-3968.json
+++ b/2018/3xxx/CVE-2018-3968.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-3968",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-3968",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Das U-Boot",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Das U-Boot 2013.07-rc1 to 2014.07-rc2 OCTEON-SDK 3.1.2 to 5.1 CUJO Smart Firewall - Firmware version 7003"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": " Improper Verification of Cryptographic Signature"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0633"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable vulnerability exists in the verified boot protection of the Das U-Boot from version 2013.07-rc1 to 2014.07-rc2. The affected versions lack proper FIT signature enforcement, which allows an attacker to bypass U-Boot's verified boot and execute an unsigned kernel, embedded in a legacy image format. To trigger this vulnerability, a local attacker needs to be able to supply the image to boot."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6116.json b/2019/6xxx/CVE-2019-6116.json
index c070341ef4b..8a44c004815 100644
--- a/2019/6xxx/CVE-2019-6116.json
+++ b/2019/6xxx/CVE-2019-6116.json
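Review bot: The single `version_value` in CVE-2018-3968 packs what look like three separate affected products (a Das U-Boot range, an OCTEON-SDK range and a CUJO Smart Firewall firmware build) into one free-text string under `product_name` "Das U-Boot", so structured matching can only ever hit U-Boot, and only by substring. Assuming the string really lists three products, each should be its own `product_data` entry as sketched below; please confirm the split against TALOS-2018-0633. The `problemtype` value also carries a leading space and no CWE identifier; `"value": "CWE-347: Improper Verification of Cryptographic Signature"` would let consumers classify it. The description covers only the U-Boot range, so the other two products are visible nowhere except in that string.
```json
"product_data": [
  {
    "product_name": "Das U-Boot",
    "version": { "version_data": [ { "version_value": "2013.07-rc1 to 2014.07-rc2" } ] }
  },
  {
    "product_name": "OCTEON-SDK",
    "version": { "version_data": [ { "version_value": "3.1.2 to 5.1" } ] }
  },
  {
    "product_name": "CUJO Smart Firewall",
    "version": { "version_data": [ { "version_value": "Firmware version 7003" } ] }
  }
]
```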
@@ -116,6 +116,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-7b9bb0e426",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-15d57af79a",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6441.json b/2019/6xxx/CVE-2019-6441.json
index ca0254c1804..adc5e9479ee 100644
--- a/2019/6xxx/CVE-2019-6441.json
+++ b/2019/6xxx/CVE-2019-6441.json
@@ -61,6 +61,26 @@
 "refsource": "EXPLOIT-DB",
 "name": "46180",
 "url": "https://www.exploit-db.com/exploits/46180/"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46180",
+ "url": "https://www.exploit-db.com/exploits/46180"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html",
+ "url": "https://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://vulmon.com/exploitdetails?qidtp=EDB&qid=46180",
+ "url": "https://vulmon.com/exploitdetails?qidtp=EDB&qid=46180"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.anquanke.com/vul/id/1451446",
+ "url": "https://www.anquanke.com/vul/id/1451446"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6975.json b/2019/6xxx/CVE-2019-6975.json
index 566ef1ea13c..6e0cd8297fb 100644
--- a/2019/6xxx/CVE-2019-6975.json
+++ b/2019/6xxx/CVE-2019-6975.json
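Review bot: The first reference added to CVE-2019-6441 duplicates the entry directly above it: both are `EXPLOIT-DB` with `"name": "46180"`, and the URLs differ only by the trailing slash (`/exploits/46180/` versus `/exploits/46180`). Consumers that de-duplicate on the raw URL string will count two exploit references for one public exploit, which can skew exploit-availability scoring and alert counts. I would drop the new `46180` object and keep the three `MISC` entries. The `reference_data` array begins outside this hunk, so earlier duplicates cannot be ruled out from here.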
@@ -86,6 +86,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-5ad2149e99",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HVXDOVCXLD74SHR2BENGCE2OOYYYWJHZ/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-f528d75a69",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66WMXHGBXD7GSM3PEXVCMCAGLMQYHZCU/"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7238.json b/2019/7xxx/CVE-2019-7238.json
index f77cb591d82..c6d664df589 100644
--- a/2019/7xxx/CVE-2019-7238.json
+++ b/2019/7xxx/CVE-2019-7238.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-7238",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +11,52 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019",
+ "url": "https://support.sonatype.com/hc/en-us/articles/360017310793-CVE-2019-7238-Nexus-Repository-Manager-3-Missing-Access-Controls-and-Remote-Code-Execution-February-5th-2019"
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 }
 }
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9704.json b/2019/9xxx/CVE-2019-9704.json
index 7c382c771bd..d9574df7e1a 100644
--- a/2019/9xxx/CVE-2019-9704.json
+++ b/2019/9xxx/CVE-2019-9704.json
@@ -61,6 +61,11 @@
 "name": "107373",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/107373"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-7104a00054",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9705.json b/2019/9xxx/CVE-2019-9705.json
index 4844d58d45e..047eea9f372 100644
--- a/2019/9xxx/CVE-2019-9705.json
+++ b/2019/9xxx/CVE-2019-9705.json
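Review bot: The added `affects` block in CVE-2019-7238 sets `vendor_name`, `product_name` and `version_value` all to `n/a`, even though the new description, `Sonatype Nexus Repository Manager before 3.15.0 has Incorrect Access Control.`, names the product and the fixed version; tooling that matches on the structured fields will not tie this record to Nexus. I would fill them from the description: `"vendor_name": "Sonatype"`, `"product_name": "Nexus Repository Manager"`, `"version_value": "before 3.15.0"`. The only cited reference carries "Missing Access Controls and Remote Code Execution" in its URL, so the description appears to understate the impact and `problemtype` is left at `n/a`; both are worth confirming against the vendor advisory. The file also still ends without a trailing newline.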
@@ -61,6 +61,11 @@
 "name": "https://salsa.debian.org/debian/cron/commit/26814a26",
 "refsource": "MISC",
 "url": "https://salsa.debian.org/debian/cron/commit/26814a26"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-7104a00054",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9768.json b/2019/9xxx/CVE-2019-9768.json
index 28deeaf0ef6..44aafaf6515 100644
--- a/2019/9xxx/CVE-2019-9768.json
+++ b/2019/9xxx/CVE-2019-9768.json
@@ -56,6 +56,11 @@
 "name": "https://github.com/thinkst/canarytokens/issues/35",
 "refsource": "MISC",
 "url": "https://github.com/thinkst/canarytokens/issues/35"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46589",
+ "url": "https://www.exploit-db.com/exploits/46589/"
 }
 ]
 }