diff --git a/2018/3xxx/CVE-2018-3974.json b/2018/3xxx/CVE-2018-3974.json index 47f532b50e2..f5762e860a2 100644 --- a/2018/3xxx/CVE-2018-3974.json +++ b/2018/3xxx/CVE-2018-3974.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-3974", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-3974", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.45.61 (Windows 64-bit Installer)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0640", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0640" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's install directory. An attacker can overwrite an executable that is launched as a system service on boot by default to exploit this vulnerability and execute arbitrary code with system privileges." } ] } diff --git a/2018/4xxx/CVE-2018-4049.json b/2018/4xxx/CVE-2018-4049.json index 77da08a0c10..259c1a07ee8 100644 --- a/2018/4xxx/CVE-2018-4049.json +++ b/2018/4xxx/CVE-2018-4049.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4049", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4049", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.48.36 (Windows 64-bit Installer)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local privilege elevation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0723", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0723" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's \u201cGames\u201d directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges." } ] } diff --git a/2018/4xxx/CVE-2018-4051.json b/2018/4xxx/CVE-2018-4051.json index 5962d19374b..39415ad0853 100644 --- a/2018/4xxx/CVE-2018-4051.json +++ b/2018/4xxx/CVE-2018-4051.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4051", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4051", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.47 (macOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": " improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0725", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0725" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories." } ] } diff --git a/2018/4xxx/CVE-2018-4052.json b/2018/4xxx/CVE-2018-4052.json index 37ffdf1a3ee..e02a3ceb65e 100644 --- a/2018/4xxx/CVE-2018-4052.json +++ b/2018/4xxx/CVE-2018-4052.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4052", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4052", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.47 (macOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0726", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0726" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user." } ] } diff --git a/2018/4xxx/CVE-2018-4053.json b/2018/4xxx/CVE-2018-4053.json index d4854dfeb68..0d6a78d72a4 100644 --- a/2018/4xxx/CVE-2018-4053.json +++ b/2018/4xxx/CVE-2018-4053.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-4053", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-4053", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GOG.COM", + "product": { + "product_data": [ + { + "product_name": "GOG Galaxy", + "version": { + "version_data": [ + { + "version_value": "Gog Galaxy 1.2.47 (macOS)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0727", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0727" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable." } ] } diff --git a/2019/6xxx/CVE-2019-6536.json b/2019/6xxx/CVE-2019-6536.json index a8ba41898c9..e5394e53cf8 100644 --- a/2019/6xxx/CVE-2019-6536.json +++ b/2019/6xxx/CVE-2019-6536.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-073-01" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-307/" } ] },