From da781d2c85e1e2cef7254b00220617dbe5a8c660 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 16 Jul 2019 14:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/19xxx/CVE-2018-19629.json | 48 ++++++++++++++++++++- 2019/1010xxx/CVE-2019-1010043.json | 56 ++++++++++++++++++++++--- 2019/1010xxx/CVE-2019-1010048.json | 56 ++++++++++++++++++++++--- 2019/1010xxx/CVE-2019-1010290.json | 61 ++++++++++++++++++++++++--- 2019/1010xxx/CVE-2019-1010292.json | 56 ++++++++++++++++++++++--- 2019/1xxx/CVE-2019-1575.json | 67 ++++++++++++++++++++++++++---- 2019/1xxx/CVE-2019-1576.json | 58 ++++++++++++++++++++++---- 7 files changed, 362 insertions(+), 40 deletions(-) diff --git a/2018/19xxx/CVE-2018-19629.json b/2018/19xxx/CVE-2018-19629.json index 0c1bedd640c..b00aa14d0ec 100644 --- a/2018/19xxx/CVE-2018-19629.json +++ b/2018/19xxx/CVE-2018-19629.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19629", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability in the ImageNow Server service in Hyland Perceptive Content Server before 7.1.5 allows an attacker to crash the service via a TCP connection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.oppositionsecurity.com/imagenow-7-1-4-dos/", + "url": "https://www.oppositionsecurity.com/imagenow-7-1-4-dos/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010043.json b/2019/1010xxx/CVE-2019-1010043.json index 77ddae80e2b..450d63d9ebd 100644 --- a/2019/1010xxx/CVE-2019-1010043.json +++ b/2019/1010xxx/CVE-2019-1010043.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010043", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Quake3e", + "version": { + "version_data": [ + { + "version_value": "< 5ed740d" + } + ] + } + } + ] + }, + "vendor_name": "Quake3e" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Quake3e < 5ed740d is affected by: Buffer Overflow. The impact is: Possible code execution and denial of service. The component is: Argument string creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ec-/Quake3e/issues/9", + "refsource": "MISC", + "name": "https://github.com/ec-/Quake3e/issues/9" } ] } diff --git a/2019/1010xxx/CVE-2019-1010048.json b/2019/1010xxx/CVE-2019-1010048.json index 2a71f9ff227..7d721574f1a 100644 --- a/2019/1010xxx/CVE-2019-1010048.json +++ b/2019/1010xxx/CVE-2019-1010048.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010048", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UPX", + "version": { + "version_data": [ + { + "version_value": "3.95" + } + ] + } + } + ] + }, + "vendor_name": "UPX" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UPX 3.95 is affected by: Integer Overflow. The impact is: attacker can cause a denial of service. The component is: src/p_lx_elf.cpp PackLinuxElf32::PackLinuxElf32help1() Line 262. The attack vector is: the victim must open a specially crafted ELF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/upx/upx/pull/190", + "refsource": "MISC", + "name": "https://github.com/upx/upx/pull/190" } ] } diff --git a/2019/1010xxx/CVE-2019-1010290.json b/2019/1010xxx/CVE-2019-1010290.json index e632f6989fb..60ec16cd749 100644 --- a/2019/1010xxx/CVE-2019-1010290.json +++ b/2019/1010xxx/CVE-2019-1010290.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010290", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Babel", + "version": { + "version_data": [ + { + "version_value": "All" + } + ] + } + } + ] + }, + "vendor_name": "Babel: Multilingual site" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Babel: Multilingual site Babel All is affected by: Open Redirection. The impact is: Redirection to any URL, which is supplied to redirect.php in a \"newurl\" parameter. The component is: redirect.php. The attack vector is: The victim must open a link created by an attacker. Attacker may use any legitimate site using Babel to redirect user to a URL of his/her choosing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/", + "refsource": "MISC", + "name": "https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/" + }, + { + "url": "http://dev.cmsmadesimple.org/project/files/729", + "refsource": "MISC", + "name": "http://dev.cmsmadesimple.org/project/files/729" } ] } diff --git a/2019/1010xxx/CVE-2019-1010292.json b/2019/1010xxx/CVE-2019-1010292.json index fa1ef78758a..a8dbca2d165 100644 --- a/2019/1010xxx/CVE-2019-1010292.json +++ b/2019/1010xxx/CVE-2019-1010292.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010292", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "OP-TEE", + "version": { + "version_data": [ + { + "version_value": "Prior to version v3.4.0 [fixed: v3.4.0]" + } + ] + } + } + ] + }, + "vendor_name": "Linaro/OP-TEE" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Linaro/OP-TEE OP-TEE Prior to version v3.4.0 is affected by: Boundary checks. The impact is: This could lead to corruption of any memory which the TA can access. The component is: optee_os. The fixed version is: v3.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Boundary checks" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/OP-TEE/optee_os/commit/e3adcf566cb278444830e7badfdcc3983e334fd1", + "refsource": "MISC", + "name": "https://github.com/OP-TEE/optee_os/commit/e3adcf566cb278444830e7badfdcc3983e334fd1" } ] } diff --git a/2019/1xxx/CVE-2019-1575.json b/2019/1xxx/CVE-2019-1575.json index 55a2db33116..a0a5471f9ce 100644 --- a/2019/1xxx/CVE-2019-1575.json +++ b/2019/1xxx/CVE-2019-1575.json @@ -1,17 +1,70 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1575", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1575", + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto", + "product": { + "product_data": [ + { + "product_name": "Palo Alto Networks PAN-OS", + "version": { + "version_data": [ + { + "version_value": "PAN-OS 7.1.23 and earlier" + }, + { + "version_value": "PAN-OS 8.0.18 and earlier" + }, + { + "version_value": "PAN-OS 8.1.8-h4 and earlier" + }, + { + "version_value": "and PAN-OS 9.0.2-h3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/157", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/157" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Information disclosure in PAN-OS 7.1.23 and earlier, PAN-OS 8.0.18 and earlier, PAN-OS 8.1.8-h4 and earlier, and PAN-OS 9.0.2 and earlier may allow for an authenticated user with read-only privileges to extract the API key of the device and/or the username/password from the XML API (in PAN-OS) and possibly escalate privileges granted to them." } ] } diff --git a/2019/1xxx/CVE-2019-1576.json b/2019/1xxx/CVE-2019-1576.json index abe9838f4cf..8f9df69bcc1 100644 --- a/2019/1xxx/CVE-2019-1576.json +++ b/2019/1xxx/CVE-2019-1576.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1576", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1576", + "ASSIGNER": "psirt@paloaltonetworks.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Palo Alto", + "product": { + "product_data": [ + { + "product_name": "Palo Alto Networks PAN-OS", + "version": { + "version_data": [ + { + "version_value": "PAN-0S 9.0.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/156", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/156" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Command injection in PAN-0S 9.0.2 and earlier may allow an authenticated attacker to gain access to a remote shell in PAN-OS, and potentially run with the escalated user\u2019s permissions." } ] }