"-Synchronized-Data."

2025-06-08 05:58:08 +00:00 · 2019-08-16 16:00:46 +00:00 · 2019-08-16 16:00:46 +00:00 · edf9e1e663
commit edf9e1e663
parent 5584dccf51
11 changed files with 111 additions and 7 deletions
--- a/2019/12xxx/CVE-2019-12974.json
+++ b/2019/12xxx/CVE-2019-12974.json
@ -61,6 +61,11 @@
                "refsource": "BID",
                "name": "108913",
                "url": "http://www.securityfocus.com/bid/108913"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
            }
        ]
    }
--- a/2019/13xxx/CVE-2019-13135.json
+++ b/2019/13xxx/CVE-2019-13135.json
@ -66,6 +66,11 @@
                "url": "https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d",
                "refsource": "MISC",
                "name": "https://github.com/ImageMagick/ImageMagick/commit/cdb383749ef7b68a38891440af8cc23e0115306d"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
            }
        ]
    }
--- a/2019/13xxx/CVE-2019-13295.json
+++ b/2019/13xxx/CVE-2019-13295.json
@ -66,6 +66,11 @@
                "url": "https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953",
                "refsource": "MISC",
                "name": "https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
            }
        ]
    }
--- a/2019/13xxx/CVE-2019-13297.json
+++ b/2019/13xxx/CVE-2019-13297.json
@ -66,6 +66,11 @@
                "url": "https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc",
                "refsource": "MISC",
                "name": "https://github.com/ImageMagick/ImageMagick/commit/604588fc35c7585abb7a9e71f69bb82e4389fefc"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
            }
        ]
    }
--- a/2019/13xxx/CVE-2019-13304.json
+++ b/2019/13xxx/CVE-2019-13304.json
@ -66,6 +66,11 @@
                "url": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e",
                "refsource": "MISC",
                "name": "https://github.com/ImageMagick/ImageMagick/commit/7689875ef64f34141e7292f6945efdf0530b4a5e"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
            }
        ]
    }
--- a/2019/13xxx/CVE-2019-13305.json
+++ b/2019/13xxx/CVE-2019-13305.json
@ -66,6 +66,11 @@
                "url": "https://github.com/ImageMagick/ImageMagick/commit/29efd648f38b73a64d73f14cd2019d869a585888",
                "refsource": "MISC",
                "name": "https://github.com/ImageMagick/ImageMagick/commit/29efd648f38b73a64d73f14cd2019d869a585888"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
            }
        ]
    }
--- a/2019/13xxx/CVE-2019-13306.json
+++ b/2019/13xxx/CVE-2019-13306.json
@ -66,6 +66,11 @@
                "url": "https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd",
                "refsource": "MISC",
                "name": "https://github.com/ImageMagick/ImageMagick/commit/e92040ea6ee2a844ebfd2344174076795a4787bd"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20190816 [SECURITY] [DLA 1888-1] imagemagick security update",
                "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00021.html"
            }
        ]
    }
--- a/2019/5xxx/CVE-2019-5477.json
+++ b/2019/5xxx/CVE-2019-5477.json
@ -1,17 +1,71 @@
 {
    "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2019-5477",
        "STATE": "RESERVED"
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
-    "description": {
+    "CVE_data_meta": {
-        "description_data": [
+        "ID": "CVE-2019-5477",
        "ASSIGNER": "support@hackerone.com",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
-                "lang": "eng",
+                    "vendor_name": "n/a",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                    "product": {
                        "product_data": [
                            {
                                "product_name": "Nokogiri (ruby gem)",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "Fixed in v1.10.4"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "OS Command Injection (CWE-78)"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "name": "https://hackerone.com/reports/650835",
                "url": "https://hackerone.com/reports/650835"
            },
            {
                "refsource": "MISC",
                "name": "https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc",
                "url": "https://github.com/tenderlove/rexical/blob/master/CHANGELOG.rdoc"
            },
            {
                "refsource": "CONFIRM",
                "name": "https://github.com/sparklemotion/nokogiri/issues/1915",
                "url": "https://github.com/sparklemotion/nokogiri/issues/1915"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4."
            }
        ]
    }
--- a/2019/9xxx/CVE-2019-9850.json
+++ b/2019/9xxx/CVE-2019-9850.json
@ -73,6 +73,11 @@
                "refsource": "BUGTRAQ",
                "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
                "url": "https://seclists.org/bugtraq/2019/Aug/28"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4501",
                "url": "https://www.debian.org/security/2019/dsa-4501"
            }
        ]
    },
--- a/2019/9xxx/CVE-2019-9851.json
+++ b/2019/9xxx/CVE-2019-9851.json
@ -73,6 +73,11 @@
                "refsource": "BUGTRAQ",
                "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
                "url": "https://seclists.org/bugtraq/2019/Aug/28"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4501",
                "url": "https://www.debian.org/security/2019/dsa-4501"
            }
        ]
    },
--- a/2019/9xxx/CVE-2019-9852.json
+++ b/2019/9xxx/CVE-2019-9852.json
@ -73,6 +73,11 @@
                "refsource": "BUGTRAQ",
                "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
                "url": "https://seclists.org/bugtraq/2019/Aug/28"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4501",
                "url": "https://www.debian.org/security/2019/dsa-4501"
            }
        ]
    },