diff --git a/2018/16xxx/CVE-2018-16207.json b/2018/16xxx/CVE-2018-16207.json
index d527220f3bc..323a3929919 100644
--- a/2018/16xxx/CVE-2018-16207.json
+++ b/2018/16xxx/CVE-2018-16207.json
@@ -3,13 +3,19 @@
 "references": {
 "reference_data": [
 {
- "url": "https://www.oss.omron.co.jp/ups/info/topics/190326.html"
+ "url": "https://www.oss.omron.co.jp/ups/info/topics/190326.html",
+ "refsource": "MISC",
+ "name": "https://www.oss.omron.co.jp/ups/info/topics/190326.html"
 },
 {
- "url": "https://www.oss.omron.co.jp/ups/support/download/soft/poweractpro/master/poweractpro_master_windows.html"
+ "url": "https://www.oss.omron.co.jp/ups/support/download/soft/poweractpro/master/poweractpro_master_windows.html",
+ "refsource": "MISC",
+ "name": "https://www.oss.omron.co.jp/ups/support/download/soft/poweractpro/master/poweractpro_master_windows.html"
 },
 {
- "url": "https://jvn.jp/en/jp/JVN63981842/index.html"
+ "url": "https://jvn.jp/en/jp/JVN63981842/index.html",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN63981842/index.html"
 }
 ]
 },
@@ -47,7 +53,8 @@
 },
 "CVE_data_meta": {
 "ID": "CVE-2018-16207",
- "ASSIGNER": "vultures@jpcert.or.jp"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "problemtype": {
diff --git a/2018/16xxx/CVE-2018-16867.json b/2018/16xxx/CVE-2018-16867.json
index 65ee4c9b750..d3b3db8f32e 100644
--- a/2018/16xxx/CVE-2018-16867.json
+++ b/2018/16xxx/CVE-2018-16867.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-88a98ce795",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16872.json b/2018/16xxx/CVE-2018-16872.json
index 3f2b66b87c9..2846d22f335 100644
--- a/2018/16xxx/CVE-2018-16872.json
+++ b/2018/16xxx/CVE-2018-16872.json
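Review bot: In CVE-2018-16207.json all three references are tagged `"refsource": "MISC"` with `name` set to a copy of `url`, so the record does not tell consumers which link is the vendor advisory and which is the coordinator's note. If the reference map in use has a dedicated source for JVN, an entry such as `"refsource": "JVN", "name": "JVN#63981842"` would be more useful, and the omron.co.jp advisory could presumably be tagged `CONFIRM`. The CVE-2019-5926 and CVE-2019-5927 hunks use the same MISC-plus-URL pattern.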
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-88a98ce795",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19489.json b/2018/19xxx/CVE-2018-19489.json
index c9e950a8fe3..69202947bc6 100644
--- a/2018/19xxx/CVE-2018-19489.json
+++ b/2018/19xxx/CVE-2018-19489.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-88a98ce795",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20123.json b/2018/20xxx/CVE-2018-20123.json
index d1494068214..959f820848e 100644
--- a/2018/20xxx/CVE-2018-20123.json
+++ b/2018/20xxx/CVE-2018-20123.json
@@ -66,6 +66,11 @@
 "name": "[qemu-devel] 20181212 Re: [PATCH] pvrdma: release device resources in case of an error",
 "refsource": "MLIST",
 "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02817.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20124.json b/2018/20xxx/CVE-2018-20124.json
index 4a265635eab..046eb6731e9 100644
--- a/2018/20xxx/CVE-2018-20124.json
+++ b/2018/20xxx/CVE-2018-20124.json
@@ -66,6 +66,11 @@
 "name": "106290",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/106290"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20125.json b/2018/20xxx/CVE-2018-20125.json
index 98c24127c01..7d81472e8fe 100644
--- a/2018/20xxx/CVE-2018-20125.json
+++ b/2018/20xxx/CVE-2018-20125.json
@@ -66,6 +66,11 @@
 "name": "[qemu-devel] 20181213 [PATCH v2 3/6] pvrdma: check number of pages when creating rings",
 "refsource": "MLIST",
 "url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02823.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20126.json b/2018/20xxx/CVE-2018-20126.json
index ac12b90f6b5..8e7943e2415 100644
--- a/2018/20xxx/CVE-2018-20126.json
+++ b/2018/20xxx/CVE-2018-20126.json
@@ -66,6 +66,11 @@
 "name": "106298",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/106298"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20191.json b/2018/20xxx/CVE-2018-20191.json
index cda41b979fb..67e4c9ead61 100644
--- a/2018/20xxx/CVE-2018-20191.json
+++ b/2018/20xxx/CVE-2018-20191.json
@@ -71,6 +71,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-88a98ce795",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20216.json b/2018/20xxx/CVE-2018-20216.json
index 07562d152af..5ea7c6d9eb9 100644
--- a/2018/20xxx/CVE-2018-20216.json
+++ b/2018/20xxx/CVE-2018-20216.json
@@ -66,6 +66,11 @@
 "name": "106291",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/106291"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3812.json b/2019/3xxx/CVE-2019-3812.json
index 042978c0d5d..30a8a27552b 100644
--- a/2019/3xxx/CVE-2019-3812.json
+++ b/2019/3xxx/CVE-2019-3812.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-88a98ce795",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5418.json b/2019/5xxx/CVE-2019-5418.json
index 03f54f33b73..fcbafc197a3 100644
--- a/2019/5xxx/CVE-2019-5418.json
+++ b/2019/5xxx/CVE-2019-5418.json
@@ -1,17 +1,90 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5418",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5418",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/rails/rails",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.2.1"
+ },
+ {
+ "version_value": "5.1.6.2"
+ },
+ {
+ "version_value": "5.0.7.2"
+ },
+ {
+ "version_value": "4.2.11.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal (CWE-22)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46585",
+ "url": "https://www.exploit-db.com/exploits/46585/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
+ "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
+ "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q",
+ "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED 
** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a File Content Disclosure vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5419.json b/2019/5xxx/CVE-2019-5419.json
index 98c664e3c9f..a5fb3875c16 100644
--- a/2019/5xxx/CVE-2019-5419.json
+++ b/2019/5xxx/CVE-2019-5419.json
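Review bot: The `version_data` entries added for CVE-2019-5418 list `5.2.2.1`, `5.1.6.2`, `5.0.7.2` and `4.2.11.1` as bare `version_value`s, but the description in the same hunk says the affected releases are those below these numbers, so the structured field names the fixed releases rather than the vulnerable ones. A scanner that matches on `version_value` would flag patched installs and miss unpatched ones. If the schema in use permits it, carry the bound in the entry, for example `"version_value": "< 5.2.2.1"`, or add a `version_affected` qualifier. `product_name` also holds the repository URL `https://github.com/rails/rails` rather than a product name, which defeats name-based matching. The CVE-2019-5419 and CVE-2019-5420 hunks repeat both patterns.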
@@ -1,17 +1,80 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5419",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5419",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/rails/rails",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.2.1"
+ },
+ {
+ "version_value": "5.1.6.2"
+ },
+ {
+ "version_value": "5.0.7.2"
+ },
+ {
+ "version_value": "4.2.11.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service (CWE-400)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
+ "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
+ "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI",
+ "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5420.json b/2019/5xxx/CVE-2019-5420.json
index 68d24391be4..80ab7b55ba7 100644
--- a/2019/5xxx/CVE-2019-5420.json
+++ b/2019/5xxx/CVE-2019-5420.json
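Review bot: The MLIST reference added to CVE-2019-5419 is titled `[CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View` and points at the same openwall post as the CVE-2019-5418 record, while this record describes a CPU-exhaustion denial of service. It looks carried over from the sibling entry. Confirm that the post actually discusses CVE-2019-5419, and drop the reference if it does not, so triage does not attach a code-execution amendment to the DoS issue.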
@@ -1,17 +1,69 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5420",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5420",
+ "ASSIGNER": "support@hackerone.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rails",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "https://github.com/rails/rails",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.2.1"
+ },
+ {
+ "version_value": "6.0.0.beta3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Command Injection - Generic (CWE-77)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
+ "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw",
+ "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit."
 }
 ]
 }
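Review bot: `problemtype` for CVE-2019-5420 is `Command Injection - Generic (CWE-77)`, but the description attributes the issue to a guessable, automatically generated development-mode secret token, with code execution as the downstream impact. The CWE therefore records the consequence rather than the weakness, which skews weakness-based filtering and metrics. A predictable-secret class (possibly CWE-330) looks closer to the described root cause and is worth confirming with the assigner. The description's "development mode" qualifier also has no counterpart in the structured fields, so consumers should read the text before scoring exposure.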
diff --git a/2019/5xxx/CVE-2019-5926.json b/2019/5xxx/CVE-2019-5926.json
index 419897f27d7..de53e0b01ca 100644
--- a/2019/5xxx/CVE-2019-5926.json
+++ b/2019/5xxx/CVE-2019-5926.json
@@ -3,13 +3,19 @@
 "references": {
 "reference_data": [
 {
- "url": "https://xn--5rwx17a.xn--v8jtdudb.com/"
+ "url": "https://xn--5rwx17a.xn--v8jtdudb.com/",
+ "refsource": "MISC",
+ "name": "https://xn--5rwx17a.xn--v8jtdudb.com/"
 },
 {
- "url": "https://github.com/KinagaCMS/KinagaCMS"
+ "url": "https://github.com/KinagaCMS/KinagaCMS",
+ "refsource": "MISC",
+ "name": "https://github.com/KinagaCMS/KinagaCMS"
 },
 {
- "url": "https://jvn.jp/en/jp/JVN06527859/index.html"
+ "url": "https://jvn.jp/en/jp/JVN06527859/index.html",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN06527859/index.html"
 }
 ]
 },
@@ -47,7 +53,8 @@
 },
 "CVE_data_meta": {
 "ID": "CVE-2019-5926",
- "ASSIGNER": "vultures@jpcert.or.jp"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "problemtype": {
diff --git a/2019/5xxx/CVE-2019-5927.json b/2019/5xxx/CVE-2019-5927.json
index 4354e0c2a41..1ff58f56932 100644
--- a/2019/5xxx/CVE-2019-5927.json
+++ b/2019/5xxx/CVE-2019-5927.json
@@ -3,10 +3,14 @@
 "references": {
 "reference_data": [
 {
- "url": "https://weban.jp/contents/c/smartphone_apri/"
+ "url": "https://weban.jp/contents/c/smartphone_apri/",
+ "refsource": "MISC",
+ "name": "https://weban.jp/contents/c/smartphone_apri/"
 },
 {
- "url": "https://jvn.jp/en/jp/JVN60497148/index.html"
+ "url": "https://jvn.jp/en/jp/JVN60497148/index.html",
+ "refsource": "MISC",
+ "name": "https://jvn.jp/en/jp/JVN60497148/index.html"
 }
 ]
 },
@@ -44,7 +48,8 @@
 },
 "CVE_data_meta": {
 "ID": "CVE-2019-5927",
- "ASSIGNER": "vultures@jpcert.or.jp"
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "problemtype": {
diff --git a/2019/6xxx/CVE-2019-6778.json b/2019/6xxx/CVE-2019-6778.json
index de68cff3206..820f4c520d5 100644
--- a/2019/6xxx/CVE-2019-6778.json
+++ b/2019/6xxx/CVE-2019-6778.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-88a98ce795",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CGCFIFSIWUREEQQOZDZFBYKWZHXCWBZN/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3923-1",
+ "url": "https://usn.ubuntu.com/3923-1/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9862.json b/2019/9xxx/CVE-2019-9862.json
index eb446887dc7..d9cfe5aef0b 100644
--- a/2019/9xxx/CVE-2019-9862.json
+++ b/2019/9xxx/CVE-2019-9862.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9862",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9862",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on ABUS Secvest wireless alarm system FUAA50000 3.01.01 in conjunction with Secvest remote control FUBE50014 or FUBE50015. Because \"encrypted signal transmission\" is missing, an attacker is able to eavesdrop sensitive data as cleartext (for instance, the current rolling code state)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt",
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-035.txt"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9863.json b/2019/9xxx/CVE-2019-9863.json
index 97535f7e076..1a510ca4a2f 100644
--- a/2019/9xxx/CVE-2019-9863.json
+++ b/2019/9xxx/CVE-2019-9863.json
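Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a` in the published CVE-2019-9862 record, although the description names the vendor (ABUS), the products (Secvest FUAA50000 with remotes FUBE50014/FUBE50015) and the version 3.01.01. Consumers that match on the structured `affects` block will not find this entry, so an asset inventory containing the device would never be correlated with it. Filling those fields from the description would make the record machine-usable, as would recording the weakness: the text describes cleartext transmission of sensitive data, which looks like CWE-319. The CVE-2019-9863 hunk has the same gaps.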
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9863",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9863",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt",
+ "refsource": "MISC",
+ "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt"
 }
 ]
 }