From f05db6cc39d1f75756bd24df7532f7d4c3bb3257 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 4 Apr 2019 15:00:45 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/9xxx/CVE-2017-9553.json | 5 +++ 2018/10xxx/CVE-2018-10242.json | 48 ++++++++++++++++++++++++-- 2018/19xxx/CVE-2018-19981.json | 63 ++++++++++++++++++++++++++++++++-- 2018/20xxx/CVE-2018-20555.json | 10 ++++++ 2019/3xxx/CVE-2019-3847.json | 15 +++++--- 2019/5xxx/CVE-2019-5022.json | 14 ++++---- 6 files changed, 139 insertions(+), 16 deletions(-) diff --git a/2017/9xxx/CVE-2017-9553.json b/2017/9xxx/CVE-2017-9553.json index e7646223b90..005ae3cc282 100644 --- a/2017/9xxx/CVE-2017-9553.json +++ b/2017/9xxx/CVE-2017-9553.json @@ -56,6 +56,11 @@ "name": "https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM", "refsource": "CONFIRM", "url": "https://www.synology.com/en-global/support/security/Synology_SA_17_29_DSM" + }, + { + "refsource": "MISC", + "name": "https://www.2-sec.com/2017/06/2-secs-expert-team-uncovers-new-vulnerability-popular-synology-nas-device/", + "url": "https://www.2-sec.com/2017/06/2-secs-expert-team-uncovers-new-vulnerability-popular-synology-nas-device/" } ] } diff --git a/2018/10xxx/CVE-2018-10242.json b/2018/10xxx/CVE-2018-10242.json index 517029cc9f0..b99e6260101 100644 --- a/2018/10xxx/CVE-2018-10242.json +++ b/2018/10xxx/CVE-2018-10242.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10242", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
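Review bot: The `affects` block added for CVE-2018-10242 sets `vendor_name`, `product_name` and `version_value` all to `"n/a"`, so the record goes PUBLIC with no machine-readable product data even though the description added in the next hunk names Suricata 4.0.4. Scanners and asset-matching tools that key on the `affects` fields will not tie this entry to Suricata. I would carry the product into the structured fields, e.g. `"product_name": "Suricata"` and `"version_value": "4.0.4"`, with the vendor name supplied by the assigner. The first CVE-2018-19981 hunk has the same placeholder block, where the description names the Amazon AWS SDK 2.8.5 for Android.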
@@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Suricata version 4.0.4 incorrectly handles the parsing of the SSH banner. A malformed SSH banner can cause the parsing code to read beyond the allocated data because SSHParseBanner in app-layer-ssh.c lacks a length check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/", + "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" } ] } diff --git a/2018/19xxx/CVE-2018-19981.json b/2018/19xxx/CVE-2018-19981.json index 913f15bdc83..1840f478005 100644 --- a/2018/19xxx/CVE-2018-19981.json +++ b/2018/19xxx/CVE-2018-19981.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19981", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
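Review bot: `problemtype` is published as `"value": "n/a"` in this CVE-2018-10242 hunk, although the description added in the same hunk states the weakness: a read beyond the allocated data because SSHParseBanner lacks a length check. That reads as an out-of-bounds read, so a value such as `"value": "CWE-125"` would let consumers filter and prioritise by weakness class; the assigner should confirm the exact CWE. The second CVE-2018-19981 hunk has the same `"n/a"` problemtype for what its description calls a cleartext-credential issue.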
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cleartext-credential issue was discovered in the Amazon AWS SDK 2.8.5 for Android. This SDK uses Android SharedPreferences to store AWS STS Temporary Credentials retrieved by AWS Cognito Identity Provider. If a Mobile Application (MA) uses AWS Cognito in the authentication or authorization process, the AWS SDK will store these credentials in cleartext inside the \"com.amazonaws.android.auth\" SharedPref. An attacker can use these credentials to create and sign valid AWS Signature v4 requests, and perform authenticated and authorized application actions at the user's expense. Note that the attacker must have root access to the Android filesystem (i.e., the device must already be compromised, such as by malware)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_01.png" + }, + { + "url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_02.png" + }, + { + "url": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/lorenzodifuccia/cloudflare/master/Images/vulns/aws/aws_sdk_sp_03.png" + }, + { + "url": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html", + "refsource": "MISC", + "name": "https://aws-amplify.github.io/aws-sdk-android/docs/reference/com/amazonaws/auth/CognitoCachingCredentialsProvider.html" } ] } diff --git a/2018/20xxx/CVE-2018-20555.json b/2018/20xxx/CVE-2018-20555.json index bbab68ab03d..354f816e591 100644 --- a/2018/20xxx/CVE-2018-20555.json +++ b/2018/20xxx/CVE-2018-20555.json @@ -56,6 +56,16 @@ "url": "https://wpvulndb.com/vulnerabilities/9204", "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/9204" + }, + { + "refsource": "MISC", + "name": "https://twitter.com/fs0c131y/status/1085828186708066304", + "url": "https://twitter.com/fs0c131y/status/1085828186708066304" + }, + { + "refsource": "MISC", + "name": "https://github.com/fs0c131y/CVE-2018-20555", + "url": "https://github.com/fs0c131y/CVE-2018-20555" } ] } 
diff --git a/2019/3xxx/CVE-2019-3847.json b/2019/3xxx/CVE-2019-3847.json index a0df013017e..21ca940f55f 100644 --- a/2019/3xxx/CVE-2019-3847.json +++ b/2019/3xxx/CVE-2019-3847.json @@ -15,20 +15,20 @@ "product": { "product_data": [ { - "product_name": "moodle", + "product_name": "Moodle", "version": { "version_data": [ { - "version_value": "3.6.3" + "version_value": "3.6 to 3.6.2" }, { - "version_value": "3.5.5" + "version_value": "3.5 to 3.5.4" }, { - "version_value": "3.4.8" + "version_value": "3.4 to 3.4.7" }, { - "version_value": "3.1.17" + "version_value": "3.1 to 3.1.16 and earlier unsupported versions" } ] } @@ -53,6 +53,11 @@ }, "references": { "reference_data": [ + { + "refsource": "BID", + "name": "107489", + "url": "http://www.securityfocus.com/bid/107489" + }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847", diff --git a/2019/5xxx/CVE-2019-5022.json b/2019/5xxx/CVE-2019-5022.json index 41c999c42ca..cbc20f4abaf 100644 --- a/2019/5xxx/CVE-2019-5022.json +++ b/2019/5xxx/CVE-2019-5022.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5022", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5022", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: this candidate is not about any specific product, protocol, or design, that falls into the scope of the assigning CNA. Notes: None." } ] }
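Review bot: The new `version_value` strings for CVE-2019-3847 are free-text ranges (`"3.6 to 3.6.2"`, `"3.1 to 3.1.16 and earlier unsupported versions"`), which a version-matching tool cannot compare against an installed Moodle version. The 4.0 record format has structured fields for this, so I would write each branch along the lines of `"version_name": "3.6", "version_affected": "<=", "version_value": "3.6.2"` and keep the "earlier unsupported versions" wording in the description text. The same applies to the 3.5, 3.4 and 3.1 entries in this hunk.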