diff --git a/2017/6xxx/CVE-2017-6059.json b/2017/6xxx/CVE-2017-6059.json
index 97f78188d15..414826447eb 100644
--- a/2017/6xxx/CVE-2017-6059.json
+++ b/2017/6xxx/CVE-2017-6059.json
@@ -81,6 +81,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2112",
 "url": "https://access.redhat.com/errata/RHSA-2019:2112"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-7b06f18a10",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6062.json b/2017/6xxx/CVE-2017-6062.json
index 2e83b4e6e9c..247b986ad69 100644
--- a/2017/6xxx/CVE-2017-6062.json
+++ b/2017/6xxx/CVE-2017-6062.json
@@ -66,6 +66,11 @@
 "name": "https://github.com/pingidentity/mod_auth_openidc/issues/222",
 "refsource": "CONFIRM",
 "url": "https://github.com/pingidentity/mod_auth_openidc/issues/222"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-7b06f18a10",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6413.json b/2017/6xxx/CVE-2017-6413.json
index 46b31ce4102..5a146d3ba8c 100644
--- a/2017/6xxx/CVE-2017-6413.json
+++ b/2017/6xxx/CVE-2017-6413.json
@@ -76,6 +76,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:2112",
 "url": "https://access.redhat.com/errata/RHSA-2019:2112"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-7b06f18a10",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJXBG3DG2FUYFGTUTSJFMPIINVFKKB4Z/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12402.json b/2019/12xxx/CVE-2019-12402.json
index 805b81e622f..4b8cb4a9ddd 100644
--- a/2019/12xxx/CVE-2019-12402.json
+++ b/2019/12xxx/CVE-2019-12402.json
@@ -53,6 +53,11 @@
 "refsource": "MLIST",
 "name": "[creadur-commits] 20191022 [creadur-rat] branch master updated: RAT-258: Update to latest commons-compress to fix CVE-2019-12402",
 "url": "https://lists.apache.org/thread.html/54cc4e9fa6b24520135f6fa4724dfb3465bc14703c7dc7e52353a0ea@%3Ccommits.creadur.apache.org%3E"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-c96a8d12b0",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/"
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12493.json b/2019/12xxx/CVE-2019-12493.json
index c0fab1efecc..2f18b2d540d 100644
--- a/2019/12xxx/CVE-2019-12493.json
+++ b/2019/12xxx/CVE-2019-12493.json
@@ -61,6 +61,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1939-1] poppler security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00033.html"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12515.json b/2019/12xxx/CVE-2019-12515.json
index 0fcabb67856..e2650e022ae 100644
--- a/2019/12xxx/CVE-2019-12515.json
+++ b/2019/12xxx/CVE-2019-12515.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar",
 "refsource": "MISC",
 "name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12957.json b/2019/12xxx/CVE-2019-12957.json
index 5d0dd4e3ca9..330ad69a449 100644
--- a/2019/12xxx/CVE-2019-12957.json
+++ b/2019/12xxx/CVE-2019-12957.json
@@ -56,6 +56,11 @@
 "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813",
 "refsource": "MISC",
 "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12958.json b/2019/12xxx/CVE-2019-12958.json
index 2c0826eb000..92c174586ef 100644
--- a/2019/12xxx/CVE-2019-12958.json
+++ b/2019/12xxx/CVE-2019-12958.json
@@ -56,6 +56,11 @@
 "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815",
 "refsource": "MISC",
 "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13281.json b/2019/13xxx/CVE-2019-13281.json
index be8858facc2..e9fe2f3c000 100644
--- a/2019/13xxx/CVE-2019-13281.json
+++ b/2019/13xxx/CVE-2019-13281.json
@@ -56,6 +56,11 @@
 "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841",
 "refsource": "MISC",
 "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13282.json b/2019/13xxx/CVE-2019-13282.json
index 58460b0d65c..9ac1237475d 100644
--- a/2019/13xxx/CVE-2019-13282.json
+++ b/2019/13xxx/CVE-2019-13282.json
@@ -56,6 +56,11 @@
 "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842",
 "refsource": "MISC",
 "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13283.json b/2019/13xxx/CVE-2019-13283.json
index f2c1983aea3..d7518eb7070 100644
--- a/2019/13xxx/CVE-2019-13283.json
+++ b/2019/13xxx/CVE-2019-13283.json
@@ -56,6 +56,11 @@
 "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843",
 "refsource": "MISC",
 "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41843"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13286.json b/2019/13xxx/CVE-2019-13286.json
index 5b2903c60ca..044c4836388 100644
--- a/2019/13xxx/CVE-2019-13286.json
+++ b/2019/13xxx/CVE-2019-13286.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg",
 "refsource": "MISC",
 "name": "https://github.com/PanguL4b/pocs/tree/master/xpdf/heap-buffer-overflow_JBIG2Stream__readTextRegionSeg"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-a457286734",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWEWFUVITPA3Y6F4A5SJSROKYT7PRH7Q/"
 }
 ]
 }
diff --git a/2019/14xxx/CVE-2019-14823.json b/2019/14xxx/CVE-2019-14823.json
index 18865798c97..45f94866ef1 100644
--- a/2019/14xxx/CVE-2019-14823.json
+++ b/2019/14xxx/CVE-2019-14823.json
@@ -59,6 +59,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3067",
 "url": "https://access.redhat.com/errata/RHSA-2019:3067"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-68c2fbcf82",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O53NXVKMF7PJCPMCJQHLMSYCUGDHGBVE/"
 }
 ]
 },
diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json
index c367c3626bf..0c1f6a57502 100644
--- a/2019/15xxx/CVE-2019-15903.json
+++ b/2019/15xxx/CVE-2019-15903.json
@@ -151,6 +151,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4165-1",
 "url": "https://usn.ubuntu.com/4165-1/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4549",
+ "url": "https://www.debian.org/security/2019/dsa-4549"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17109.json b/2019/17xxx/CVE-2019-17109.json
index 9e2ca68bec0..0ebed42f85f 100644
--- a/2019/17xxx/CVE-2019-17109.json
+++ b/2019/17xxx/CVE-2019-17109.json
@@ -66,6 +66,11 @@
 "refsource": "CONFIRM",
 "name": "https://pagure.io/koji/commits/master",
 "url": "https://pagure.io/koji/commits/master"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-adf618865f",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PSCCFHLNVFLDPC7DB4UJGXD6ZWBSY57/"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17138.json b/2019/17xxx/CVE-2019-17138.json
index 000bcc57fbc..6db5999c22f 100644
--- a/2019/17xxx/CVE-2019-17138.json
+++ b/2019/17xxx/CVE-2019-17138.json
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17138", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Studio Photo", - "version": { - "version_data": [ - { - "version_value": "3.6.6.909" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio Photo", + "version": { + "version_data": [ + { + "version_value": "3.6.6.909" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Steven Seeley (mr_me) of Source Incite", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125: Out-of-bounds Read" - } + }, + "credit": "Steven Seeley (mr_me) of Source Incite", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion from JPEG to EPS. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-8809." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-908/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.0" + } } - } -} +} \ No 
newline at end of file diff --git a/2019/17xxx/CVE-2019-17139.json b/2019/17xxx/CVE-2019-17139.json index fc2d0ef1279..95283dca943 100644 --- a/2019/17xxx/CVE-2019-17139.json +++ b/2019/17xxx/CVE-2019-17139.json 
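Review bot: The rewritten CVE-2019-17138 record still describes the flaw as exploitable by "remote attackers" while `impact.cvss.vectorString` keeps `AV:L`, so tooling that triages on the attack-vector metric will rank it as local-only; the same pairing appears in the hunks for CVE-2019-17139 through CVE-2019-17144. This may be the assigner's scoring convention for bugs that require opening a file, but the record does not say so, and it is worth confirming with the assigner which of the two fields downstream consumers should rely on. Separately, every rewritten file now ends with `\ No newline at end of file`, whereas the removed side ended with a newline; restoring the final newline after the closing `}` would keep these records consistent with the rest of the tree.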
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17139", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.5.0.20723" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.5.0.20723" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Javascript in the HTML2PDF plugin. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8692." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-909/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17140.json b/2019/17xxx/CVE-2019-17140.json index fb07bf6c265..eac36d457a8 100644 --- a/2019/17xxx/CVE-2019-17140.json +++ b/2019/17xxx/CVE-2019-17140.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17140", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17140", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the OnFocus event. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9091." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-910/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17141.json b/2019/17xxx/CVE-2019-17141.json index 90c2581e62c..ce325ecd71e 100644 --- a/2019/17xxx/CVE-2019-17141.json +++ b/2019/17xxx/CVE-2019-17141.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17141", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Calculate action of a text field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9044." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-911/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17142.json b/2019/17xxx/CVE-2019-17142.json index 4eac31523ff..e49e28d8e9f 100644 --- a/2019/17xxx/CVE-2019-17142.json +++ b/2019/17xxx/CVE-2019-17142.json 
@@ -1,70 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17142", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "RockStar", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-416: Use After Free" - } + }, + "credit": "RockStar", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of script within a Keystroke action of a listbox field. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9081." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/" - }, - { - "url": "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "MISC", + "name": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-912/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17143.json b/2019/17xxx/CVE-2019-17143.json index 97880b2e418..a300781b77e 100644 --- a/2019/17xxx/CVE-2019-17143.json +++ b/2019/17xxx/CVE-2019-17143.json 
@@ -1,67 +1,69 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "zdi-disclosures@trendmicro.com",
- "ID": "CVE-2019-17143",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "PhantomPDF",
- "version": {
- "version_data": [
- {
- "version_value": "9.6.0.25114"
- }
- ]
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2019-17143",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "PhantomPDF",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.6.0.25114"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
 }
- }
 ]
- },
- "vendor_name": "Foxit"
 }
- ]
- }
- },
- "credit": "Mat Powell of Trend Micro Zero Day Initiative",
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-416: Use After Free"
- }
+ },
+ "credit": "Mat Powell of Trend Micro Zero Day Initiative",
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-9273."
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/"
- }
- ]
- },
- "impact": {
- "cvss": {
- "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
- "version": "3.0"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/",
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-913/"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+ "version": "3.0"
+ }
 }
- }
-}
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17144.json b/2019/17xxx/CVE-2019-17144.json
index 4668c5f8b5a..91e9d6b5b96 100644
--- a/2019/17xxx/CVE-2019-17144.json
+++ b/2019/17xxx/CVE-2019-17144.json
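Review bot: The `reference_data` array for CVE-2019-17143 lists only the ZDI advisory, whereas the sibling Foxit records rewritten in this commit (CVE-2019-17138 to CVE-2019-17142) also carry `https://www.foxitsoftware.com/support/security-bulletins.php`; the hunk for CVE-2019-17144 has the same gap. Whether the vendor bulletin covers these two issues cannot be determined from the diff. If it does, a second entry with that URL and `"refsource": "MISC"`, matching the siblings, would give defenders a pointer to the fixed release rather than only the researcher advisory.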
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17144", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "Mat Powell of Trend Micro Zero Day Initiative", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-787: Out-of-bounds Write" - } + }, + "credit": "Mat Powell of Trend Micro Zero Day Initiative", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787: Out-of-bounds Write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-914/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17145.json b/2019/17xxx/CVE-2019-17145.json index 78024b977ad..61524c87b99 100644 --- a/2019/17xxx/CVE-2019-17145.json +++ b/2019/17xxx/CVE-2019-17145.json 
@@ -1,67 +1,69 @@ { - "CVE_data_meta": { - "ASSIGNER": "zdi-disclosures@trendmicro.com", - "ID": "CVE-2019-17145", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "PhantomPDF", - "version": { - "version_data": [ - { - "version_value": "9.6.0.25114" - } - ] + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2019-17145", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PhantomPDF", + "version": { + "version_data": [ + { + "version_value": "9.6.0.25114" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" } - } ] - }, - "vendor_name": "Foxit" } - ] - } - }, - "credit": "mrpowell", - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-121: Stack-based Buffer Overflow" - } + }, + "credit": "mrpowell", + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. 
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276." + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/" - } - ] - }, - "impact": { - "cvss": { - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", - "version": "3.0" + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/", + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-915/" + } + ] + }, + "impact": { + "cvss": { + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } - } -} +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2114.json b/2019/2xxx/CVE-2019-2114.json index 43535c2598d..7a1f849858c 100644 --- a/2019/2xxx/CVE-2019-2114.json +++ b/2019/2xxx/CVE-2019-2114.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://source.android.com/security/bulletin/2019-10-01", "url": "https://source.android.com/security/bulletin/2019-10-01" + }, + { + "refsource": "MISC", + "name": "https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/", + "url": "https://wwws.nightwatchcybersecurity.com/2019/10/24/nfc-beaming-bypasses-security-controls-in-android-cve-2019-2114/" } ] }, 
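Review bot: In the CVE-2019-17145.json hunk the new side keeps `"credit": "mrpowell"`, which reads like an account handle, while the two sibling records in this commit (CVE-2019-17143 and CVE-2019-17144) carry `"credit": "Mat Powell of Trend Micro Zero Day Initiative"`. Every line of the file is rewritten here anyway, so this was the place to normalise it. If it is the same researcher, which the diff alone cannot confirm, use the full attribution string so the three records agree.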
diff --git a/2019/5xxx/CVE-2019-5508.json b/2019/5xxx/CVE-2019-5508.json index 4d709ecd684..3e7cd3be82e 100644 --- a/2019/5xxx/CVE-2019-5508.json +++ b/2019/5xxx/CVE-2019-5508.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5508", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5508", + "ASSIGNER": "security-alert@netapp.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Clustered Data ONTAP", + "version": { + "version_data": [ + { + "version_value": "9.2 and higher" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.netapp.com/advisory/ntap-20191024-0001/", + "url": "https://security.netapp.com/advisory/ntap-20191024-0001/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS)." } ] }
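Review bot: The populated record disagrees with itself on the affected range: `version_data` has `"version_value": "9.2 and higher"` while the description says "versions 9.2 through 9.6", so a scanner matching on `version_data` will keep flagging releases that the description treats as not affected. Align the two, for example `"version_value": "9.2 through 9.6"` if the description is the authoritative side. `"vendor_name": "n/a"` also defeats vendor-based lookups even though the assigner address and the advisory URL are both NetApp's; `"vendor_name": "NetApp"` would fix that. The record has no `impact` block and its `problemtype` is free text rather than a CWE identifier, so severity and weakness class still have to be taken from the linked advisory.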