From de55d657c0135614eb8d956deb68e790a51c03fb Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 25 Apr 2019 17:00:43 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2017/16xxx/CVE-2017-16558.json | 53 ++++++++++++++++++++++-
2018/18xxx/CVE-2018-18369.json | 79 +++++++++++++++++++++++++++++++---
2018/19xxx/CVE-2018-19442.json | 48 ++++++++++++++++++++-
2019/11xxx/CVE-2019-11463.json | 2 +-
2019/11xxx/CVE-2019-11531.json | 18 ++++++++
2019/11xxx/CVE-2019-11532.json | 18 ++++++++
2019/8xxx/CVE-2019-8277.json | 35 ++++++++-------
2019/9xxx/CVE-2019-9135.json | 72 +++++++++++++++++++++++++++++--
2019/9xxx/CVE-2019-9136.json | 72 +++++++++++++++++++++++++++++--
9 files changed, 361 insertions(+), 36 deletions(-)
create mode 100644 2019/11xxx/CVE-2019-11531.json
create mode 100644 2019/11xxx/CVE-2019-11532.json
diff --git a/2017/16xxx/CVE-2017-16558.json b/2017/16xxx/CVE-2017-16558.json
index 78a7e4800b1..c27a307598a 100644
--- a/2017/16xxx/CVE-2017-16558.json
+++ b/2017/16xxx/CVE-2017-16558.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2017-16558",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Contao 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7 contains an SQL injection vulnerability in the back end as well as in the listing module."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://contao.org/de/changelog/versions/4.4.html",
+ "url": "https://contao.org/de/changelog/versions/4.4.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://contao.org/en/news/contao-4_4_8.html",
+ "url": "https://contao.org/en/news/contao-4_4_8.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18369.json b/2018/18xxx/CVE-2018-18369.json
index 2303a4db6b2..32ba4d92ca1 100644
--- a/2018/18xxx/CVE-2018-18369.json
+++ b/2018/18xxx/CVE-2018-18369.json
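Review bot: The added `problemtype` value in CVE-2017-16558.json is `n/a` although the description added a few lines above it names the weakness as SQL injection, so anyone filtering the feed by weakness class will miss this record; `"value": "SQL Injection"` would carry what the text already says. The first hunk of the same file likewise sets `vendor_name`, `product_name` and `version_value` to `n/a` while the description gives Contao and the ranges 3.0.0 to 3.5.30 and 4.0.0 to 4.4.7, which leaves product matching to free-text parsing. CVE-2018-19442.json follows the same pattern: `n/a` in `affects` and `problemtype` next to a description that names Neato Botvac Connected 2.2.0 and a buffer overflow.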
@@ -1,17 +1,82 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-18369",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-18369",
+ "ASSIGNER": "secure@symantec.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Symantec Corporation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Norton Security",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to 22.16.3"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "Symantec Endpoint Protection Small Business Edition",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Prior to Cloud Agent 3.00.31.2817"
+ },
+ {
+ "version_value": "NIS-22.15.2.22"
+ },
+ {
+ "version_value": "SEP-12.1.7484.7002"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "DLL Preloading"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.symantec.com/en_US/article.SYMSA1479.html",
+ "url": "https://support.symantec.com/en_US/article.SYMSA1479.html"
+ },
+ {
+ "refsource": "BID",
+ "name": "107997",
+ "url": "http://www.securityfocus.com/bid/107997"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Norton Security (Windows client) prior to 22.16.3 and SEP SBE (Windows client) prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002, may be susceptible to a DLL Preloading vulnerability, which is a type of issue that can occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead."
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19442.json b/2018/19xxx/CVE-2018-19442.json
index c25ff4847f3..ac09421a4b9 100644
--- a/2018/19xxx/CVE-2018-19442.json
+++ b/2018/19xxx/CVE-2018-19442.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19442",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
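Review bot: In CVE-2018-18369.json the `version_data` entries `"version_value": "NIS-22.15.2.22"` and `"version_value": "SEP-12.1.7484.7002"` lack the "Prior to" qualifier that the other two entries carry. Going by the description at the end of this hunk ("prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22 & SEP-12.1.7484.7002"), all three SEP SBE values are upper bounds, so read literally these two entries mark only those exact builds as affected, and they may well be the fixed builds. Writing them as `"version_value": "Prior to NIS-22.15.2.22"` and `"version_value": "Prior to SEP-12.1.7484.7002"` keeps the structured data in line with the text.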
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Buffer Overflow in Network::AuthenticationClient::VerifySignature in /bin/astro in Neato Botvac Connected 2.2.0 allows a remote attacker to execute arbitrary code with root privileges via a crafted POST request to a nucleo.neatocloud.com:4443/vendors/neato/robots/[robot_serial]/messages Neato cloud URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779",
+ "url": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11463.json b/2019/11xxx/CVE-2019-11463.json
index cd7cccacbd0..a8dccdbf3be 100644
--- a/2019/11xxx/CVE-2019-11463.json
+++ b/2019/11xxx/CVE-2019-11463.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive through 3.3.3 allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo."
+ "value": "A memory leak in archive_read_format_zip_cleanup in archive_read_support_format_zip.c in libarchive 3.3.4-dev allows remote attackers to cause a denial of service via a crafted ZIP file because of a HAVE_LZMA_H typo."
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11531.json b/2019/11xxx/CVE-2019-11531.json
new file mode 100644
index 00000000000..719f01e46f0
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11531.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11531",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11532.json b/2019/11xxx/CVE-2019-11532.json
new file mode 100644
index 00000000000..0b01761bb2f
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11532.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11532",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8277.json b/2019/8xxx/CVE-2019-8277.json
index 4a071b38284..5430a9a1926 100644
--- a/2019/8xxx/CVE-2019-8277.json
+++ b/2019/8xxx/CVE-2019-8277.json
@@ -1,14 +1,17 @@
 {
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "vulnerability@kaspersky.com",
- "DATE_PUBLIC": "2019-03-01T00:00:00",
 "ID": "CVE-2019-8277",
+ "ASSIGNER": "vulnerability@kaspersky.com",
 "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
 "vendor_data": [
 {
+ "vendor_name": "Kaspersky Lab",
 "product": {
 "product_data": [
 {
@@ -16,36 +19,24 @@
 "version": {
 "version_data": [
 {
- "version_value": "1.2.2.3"
+ "version_value": "revision 1211"
 }
 ]
 }
 }
 ]
- },
- "vendor_name": "Kaspersky Lab"
+ }
 }
 ]
 }
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "UltraVNC revision 1211 contains multiple memory leaks (CWE-655) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
- }
- ]
- },
 "problemtype": {
 "problemtype_data": [
 {
 "description": [
 {
 "lang": "eng",
- "value": "CWE-665: Improper Initialization"
+ "value": "multiple memory leaks (CWE-665)"
 }
 ]
 }
@@ -54,10 +45,18 @@
 "references": {
 "reference_data": [
 {
+ "refsource": "CONFIRM",
 "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/",
- "refsource": "MISC",
 "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-024-ultravnc-improper-initialization/"
 }
 ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "UltraVNC revision 1211 contains multiple memory leaks (CWE-665) in VNC server code, which allows an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1212."
+ }
+ ]
 }
 }
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9135.json b/2019/9xxx/CVE-2019-9135.json
index a8803cdcd8e..17a4d48894f 100644
--- a/2019/9xxx/CVE-2019-9135.json
+++ b/2019/9xxx/CVE-2019-9135.json
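Review bot: The `problemtype` change in CVE-2019-8277.json replaces the canonical `"value": "CWE-665: Improper Initialization"` with the free text `"value": "multiple memory leaks (CWE-665)"`. The new wording is harder to map to a CWE automatically, and "memory leaks" reads as unreleased allocations, whereas the description re-added in the last hunk of this file is about an attacker reading stack memory; I would keep the old value. The first hunk of this file also removes `"DATE_PUBLIC": "2019-03-01T00:00:00"` without a replacement, so the disclosure date is no longer in the record.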
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-9135",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HumanTalk Co,Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaviewIndy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "fixed in 8.98.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +34,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. ."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
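Review bot: `"version_value": "fixed in 8.98.8"` in the new `affects` block of CVE-2019-9135.json puts the fixed release into a field that consumers read as an affected version. The description in the second hunk of this file says 8.98.7 and earlier are vulnerable, so a matcher keyed on this field would either flag 8.98.8 or match nothing; `"version_value": "8.98.7 and earlier"` says what the text says. CVE-2019-9136.json adds the identical entry and needs the same change.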
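Review bot: The new description in CVE-2019-9135.json ends in a broken sentence and a stray period, `Attackers could exploit this and arbitrary code execution. .`; presumably `Attackers could exploit this to achieve arbitrary code execution.` was meant, and CVE-2019-9136.json has the same broken sentence without the stray period. The text also says only "a specific file", while the sibling record names a malformed JPEG2000 file and both records cite the same krcert.or.kr bulletin URL, so a reader cannot tell from this record which file type or parser CVE-2019-9135 covers. Naming the file format in the description would let defenders decide which inputs to treat as risky until 8.98.8 is deployed.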
diff --git a/2019/9xxx/CVE-2019-9136.json b/2019/9xxx/CVE-2019-9136.json
index a7d9211696a..d05b9e540c4 100644
--- a/2019/9xxx/CVE-2019-9136.json
+++ b/2019/9xxx/CVE-2019-9136.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-9136",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HumanTalk Co,Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaviewIndy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "fixed in 8.98.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +34,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-122 Heap-based Buffer Overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file