From db3d0426051b70ca30bbacb969866b025da69f70 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 9 Apr 2019 19:00:42 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/16xxx/CVE-2018-16530.json | 58 ++++++++++++++++++++++++++++++---- 2018/18xxx/CVE-2018-18507.json | 14 ++++---- 2018/20xxx/CVE-2018-20534.json | 7 +++- 2018/20xxx/CVE-2018-20760.json | 2 +- 2018/20xxx/CVE-2018-20761.json | 2 +- 2018/20xxx/CVE-2018-20762.json | 2 +- 2018/20xxx/CVE-2018-20763.json | 2 +- 2018/7xxx/CVE-2018-7117.json | 58 ++++++++++++++++++++++++++++++---- 2018/7xxx/CVE-2018-7118.json | 58 ++++++++++++++++++++++++++++++---- 2019/11xxx/CVE-2019-11060.json | 18 +++++++++++ 2019/11xxx/CVE-2019-11061.json | 18 +++++++++++ 2019/11xxx/CVE-2019-11062.json | 18 +++++++++++ 2019/11xxx/CVE-2019-11063.json | 18 +++++++++++ 2019/11xxx/CVE-2019-11064.json | 18 +++++++++++ 14 files changed, 260 insertions(+), 33 deletions(-) create mode 100644 2019/11xxx/CVE-2019-11060.json create mode 100644 2019/11xxx/CVE-2019-11061.json create mode 100644 2019/11xxx/CVE-2019-11062.json create mode 100644 2019/11xxx/CVE-2019-11063.json create mode 100644 2019/11xxx/CVE-2019-11064.json diff --git a/2018/16xxx/CVE-2018-16530.json b/2018/16xxx/CVE-2018-16530.json index 472e83b0ba3..81103ae78c3 100644 --- a/2018/16xxx/CVE-2018-16530.json +++ b/2018/16xxx/CVE-2018-16530.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-16530", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-16530", + "ASSIGNER": "psirt@forcepoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Forcepoint Email Security", + "version": { + "version_data": [ + { + "version_value": "8.5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.forcepoint.com/KBArticle?id=000016621", + "url": "https://support.forcepoint.com/KBArticle?id=000016621" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation." } ] } diff --git a/2018/18xxx/CVE-2018-18507.json b/2018/18xxx/CVE-2018-18507.json index 58f788a316b..88cd373bb8b 100644 --- a/2018/18xxx/CVE-2018-18507.json +++ b/2018/18xxx/CVE-2018-18507.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-18507", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-18507", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2018/20xxx/CVE-2018-20534.json b/2018/20xxx/CVE-2018-20534.json index 1fb866860f7..78aa1df9619 100644 --- a/2018/20xxx/CVE-2018-20534.json +++ b/2018/20xxx/CVE-2018-20534.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a in libsolv through 0.7.2 that will cause a denial of service." + "value": "** DISPUTED ** There is an illegal address access at ext/testcase.c in libsolv.a in libsolv through 0.7.2 that will cause a denial of service. NOTE: third parties dispute this issue stating that the issue affects the test suite and not the underlying library. It cannot be exploited in any real-world application." } ] }, @@ -66,6 +66,11 @@ "refsource": "UBUNTU", "name": "USN-3916-1", "url": "https://usn.ubuntu.com/3916-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1120631", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1120631" } ] } diff --git a/2018/20xxx/CVE-2018-20760.json b/2018/20xxx/CVE-2018-20760.json index 2d903b8fddc..0fcf4fcf69f 100644 --- a/2018/20xxx/CVE-2018-20760.json +++ b/2018/20xxx/CVE-2018-20760.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In GPAC 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled." + "value": "In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because a certain -1 return value is mishandled." } ] }, diff --git a/2018/20xxx/CVE-2018-20761.json b/2018/20xxx/CVE-2018-20761.json index cc42b0db505..1f34bdbf258 100644 --- a/2018/20xxx/CVE-2018-20761.json +++ b/2018/20xxx/CVE-2018-20761.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "GPAC version 0.7.2 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a." + "value": "GPAC version 0.7.1 and earlier has a Buffer Overflow vulnerability in the gf_sm_load_init function in scene_manager.c in libgpac_static.a." } ] }, diff --git a/2018/20xxx/CVE-2018-20762.json b/2018/20xxx/CVE-2018-20762.json index 465360d651b..82f6e275ef3 100644 --- a/2018/20xxx/CVE-2018-20762.json +++ b/2018/20xxx/CVE-2018-20762.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "GPAC version 0.7.2 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames." + "value": "GPAC version 0.7.1 and earlier has a buffer overflow vulnerability in the cat_multiple_files function in applications/mp4box/fileimport.c when MP4Box is used for a local directory containing crafted filenames." } ] }, diff --git a/2018/20xxx/CVE-2018-20763.json b/2018/20xxx/CVE-2018-20763.json index 7691a15e7a3..49eb99eb5a3 100644 --- a/2018/20xxx/CVE-2018-20763.json +++ b/2018/20xxx/CVE-2018-20763.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In GPAC through 0.7.2, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking." + "value": "In GPAC 0.7.1 and earlier, gf_text_get_utf8_line in media_tools/text_import.c in libgpac_static.a allows an out-of-bounds write because of missing szLineConv bounds checking." } ] }, diff --git a/2018/7xxx/CVE-2018-7117.json b/2018/7xxx/CVE-2018-7117.json index cc4a5eb1ce4..72e73d95fdb 100644 --- a/2018/7xxx/CVE-2018-7117.json +++ b/2018/7xxx/CVE-2018-7117.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-7117", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7117", + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers", + "version": { + "version_data": [ + { + "version_value": "iLO5 prior to v1.40" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03907en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03907en_us" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote Cross-Site Scripting in HPE iLO 5 Web User Interface vulnerability was identified in HPE Integrated Lights-Out 5 (iLO 5) for Gen10 ProLiant Servers earlier than version v1.40." } ] } diff --git a/2018/7xxx/CVE-2018-7118.json b/2018/7xxx/CVE-2018-7118.json index 64b292cb7a0..75b997b7791 100644 --- a/2018/7xxx/CVE-2018-7118.json +++ b/2018/7xxx/CVE-2018-7118.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-7118", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-7118", + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HPE Service Pack for Proliant (HPE SPP)", + "version": { + "version_data": [ + { + "version_value": "all versions of HPE Service Pack for ProLiant (SPP) prior to 2018.09.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local access restriction bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03904en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03904en_us" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A local access restriction bypass vulnerability was identified in HPE Service Pack for ProLiant (SPP) Bundled Software earlier than version 2018.09.0." } ] } diff --git a/2019/11xxx/CVE-2019-11060.json b/2019/11xxx/CVE-2019-11060.json new file mode 100644 index 00000000000..66a8ac15595 --- /dev/null +++ b/2019/11xxx/CVE-2019-11060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11061.json b/2019/11xxx/CVE-2019-11061.json new file mode 100644 index 00000000000..6f9ccc9baf2 --- /dev/null +++ b/2019/11xxx/CVE-2019-11061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11062.json b/2019/11xxx/CVE-2019-11062.json new file mode 100644 index 00000000000..f4e625c8588 --- /dev/null +++ b/2019/11xxx/CVE-2019-11062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11063.json b/2019/11xxx/CVE-2019-11063.json new file mode 100644 index 00000000000..cc6f694a5ca --- /dev/null +++ b/2019/11xxx/CVE-2019-11063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11064.json b/2019/11xxx/CVE-2019-11064.json new file mode 100644 index 00000000000..b71e3169ec3 --- /dev/null +++ b/2019/11xxx/CVE-2019-11064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file