diff --git a/2012/3xxx/CVE-2012-3462.json b/2012/3xxx/CVE-2012-3462.json index 9e35d98d258..06808a8ab73 100644 --- a/2012/3xxx/CVE-2012-3462.json +++ b/2012/3xxx/CVE-2012-3462.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-3462", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "sssd", + "product": { + "product_data": [ + { + "product_name": "sssd", + "version": { + "version_data": [ + { + "version_value": "1.9.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-3462", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-3462" + }, + { + "refsource": "MISC", + "name": "https://pagure.io/SSSD/sssd/issue/1470", + "url": "https://pagure.io/SSSD/sssd/issue/1470" } ] } diff --git a/2012/4xxx/CVE-2012-4420.json b/2012/4xxx/CVE-2012-4420.json index 3f1cd3f54f6..836a3a3375c 100644 --- a/2012/4xxx/CVE-2012-4420.json +++ b/2012/4xxx/CVE-2012-4420.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-4420", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "java-1.7.0-openjdk", + "product": { + "product_data": [ + { + "product_name": "java-1.7.0-openjdk", + "version": { + "version_data": [ + { + "version_value": "1.7.0_04 to 1.7.0_10" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,58 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2012-4420", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2012-4420" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/09/13/3", + "url": "http://www.openwall.com/lists/oss-security/2012/09/13/3" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55538", + "url": "http://www.securityfocus.com/bid/55538" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2012/09/12/4", + "url": "https://www.openwall.com/lists/oss-security/2012/09/12/4" + }, + { + "refsource": "MISC", + "name": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857", + "url": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857" } ] } diff --git a/2013/2xxx/CVE-2013-2011.json b/2013/2xxx/CVE-2013-2011.json index 214cabf3263..8dd0108588c 100644 --- a/2013/2xxx/CVE-2013-2011.json +++ b/2013/2xxx/CVE-2013-2011.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2011", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Super Cache Plugin", + "product": { + "product_data": [ + { + "product_name": "Super Cache Plugin", + "version": { + "version_data": [ + { + "version_value": "1.3.2" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-2011", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-2011" + }, + { + "url": "http://www.securityfocus.com/bid/59473", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59473" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/25/4", + "url": "http://www.openwall.com/lists/oss-security/2013/04/25/4" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83800", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83800" } ] } diff --git a/2013/4xxx/CVE-2013-4318.json b/2013/4xxx/CVE-2013-4318.json index 997292aba88..85f07c3eb14 100644 --- a/2013/4xxx/CVE-2013-4318.json +++ b/2013/4xxx/CVE-2013-4318.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4318", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Features", + "product": { + "product_data": [ + { + "product_name": "Features", + "version": { + "version_data": [ + { + "version_value": "0.3.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2013-4318", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2013-4318" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/09/09/10", + "url": "http://www.openwall.com/lists/oss-security/2013/09/09/10" } ] } diff --git a/2015/5xxx/CVE-2015-5290.json b/2015/5xxx/CVE-2015-5290.json index e97ccdff8c0..817488f6486 100644 --- a/2015/5xxx/CVE-2015-5290.json +++ b/2015/5xxx/CVE-2015-5290.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5290", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ircd-ratbox", + "product": { + "product_data": [ + { + "product_name": "ircd-ratbox", + "version": { + "version_data": [ + { + "version_value": "3.0.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ircd-ratbox 3.0.9 mishandles the MONITOR command which allows remote attackers to cause a denial of service (system out-of-memory event)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2015-5290", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2015-5290" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5290", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5290" } ] } diff --git a/2019/19xxx/CVE-2019-19389.json b/2019/19xxx/CVE-2019-19389.json index 41350463641..de21421c2c6 100644 --- a/2019/19xxx/CVE-2019-19389.json +++ b/2019/19xxx/CVE-2019-19389.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19389", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19389", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JetBrains Ktor framework before version 1.2.6 was vulnerable to HTTP Response Splitting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.jetbrains.com", + "refsource": "MISC", + "name": "https://blog.jetbrains.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/ktorio/ktor/pull/1408", + "url": "https://github.com/ktorio/ktor/pull/1408" } ] } diff --git a/2019/20xxx/CVE-2019-20004.json b/2019/20xxx/CVE-2019-20004.json new file mode 100644 index 00000000000..2a523092428 --- /dev/null +++ b/2019/20xxx/CVE-2019-20004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file