From f08f509bf6b098a07448b7c261c0d54e86a1a8ff Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 7 Nov 2019 22:01:24 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2007/3xxx/CVE-2007-3732.json | 60 ++++++++++++++++++++++++++++--
 2007/3xxx/CVE-2007-3915.json | 48 +++++++++++++++++++++++-
 2007/5xxx/CVE-2007-5743.json | 53 ++++++++++++++++++++++++++-
 2013/1xxx/CVE-2013-1429.json | 65 +++++++++++++++++++++++++++++++--
 2013/1xxx/CVE-2013-1751.json | 58 ++++++++++++++++++++++++++++-
 2019/18xxx/CVE-2019-18818.json | 67 ++++++++++++++++++++++++++++++++++
 2019/9xxx/CVE-2019-9232.json | 5 +++
 2019/9xxx/CVE-2019-9278.json | 5 +++
 2019/9xxx/CVE-2019-9325.json | 5 +++
 2019/9xxx/CVE-2019-9371.json | 5 +++
 2019/9xxx/CVE-2019-9423.json | 5 +++
 2019/9xxx/CVE-2019-9433.json | 5 +++
 12 files changed, 369 insertions(+), 12 deletions(-)
 create mode 100644 2019/18xxx/CVE-2019-18818.json
diff --git a/2007/3xxx/CVE-2007-3732.json b/2007/3xxx/CVE-2007-3732.json
index ad276dc66d0..7be2610d31c 100644
--- a/2007/3xxx/CVE-2007-3732.json
+++ b/2007/3xxx/CVE-2007-3732.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2007-3732",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "linux-2.6",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "linux-2.6",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.6 before 2.6.23"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Linux 2.6 before 2.6.23, the TRACE_IRQS_ON function in iret_exc calls a C function without ensuring that the segments are set properly. The kernel's %fs needs to be restored before the call in TRACE_IRQS_ON and before enabling interrupts, so that \"current\" references work. Without this, \"current\" used in the window between iret_exc and the middle of error_code where %fs is reset, would crash."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Reset %fs early in iret_exc"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2007-3732",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2007-3732"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-3732",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-3732"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2007-3732",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2007-3732"
 }
 ]
 }
diff --git a/2007/3xxx/CVE-2007-3915.json b/2007/3xxx/CVE-2007-3915.json
index a2d0f501912..3e4bc31a756 100644
--- a/2007/3xxx/CVE-2007-3915.json
+++ b/2007/3xxx/CVE-2007-3915.json
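Review bot: In 2007/3xxx/CVE-2007-3732.json the added `problemtype` value `Reset %fs early in iret_exc` reads like the summary of the fix rather than a class of weakness, so tools that group or filter records by problem type get nothing usable from it. The description added in the same hunk already states the effect (references to "current" crash while %fs is not yet restored), so a value drawn from it would fit, for example `"value": "Kernel crash due to unrestored %fs segment in iret_exc"`. If no weakness wording is agreed, `"value": "n/a"` as used by the other records in this commit would at least be consistent.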
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2007-3915",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Mondo 2.24 has insecure handling of temporary files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2007-3915",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2007-3915"
 }
 ]
 }
diff --git a/2007/5xxx/CVE-2007-5743.json b/2007/5xxx/CVE-2007-5743.json
index 08703cf1f2b..868164ce6b9 100644
--- a/2007/5xxx/CVE-2007-5743.json
+++ b/2007/5xxx/CVE-2007-5743.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2007-5743",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
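Review bot: In 2007/3xxx/CVE-2007-3915.json the added `affects` block sets `product_name` and `version_value` to `n/a` although the description added in the same file names both (`Mondo 2.24`), so consumers that match on the structured fields will not associate the record with the product. The same applies to the `affects` blocks added for CVE-2007-5743 (viewvc 1.0.3), CVE-2013-1751 (TWiki before 5.1.4) and CVE-2019-18818 (strapi before 3.0.0-beta.17.5). For this record the fields could read `"product_name": "Mondo"` and `"version_value": "2.24"`, leaving `vendor_name` as `n/a` where the page gives no vendor.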
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "viewvc 1.0.3 allows improper access control to files in a repository when using the \"forbidden\" configuration option."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2007-5743",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2007-5743"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416696",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=416696"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1429.json b/2013/1xxx/CVE-2013-1429.json
index cb3574cd800..8537fc83d5a 100644
--- a/2013/1xxx/CVE-2013-1429.json
+++ b/2013/1xxx/CVE-2013-1429.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@debian.org",
 "ID": "CVE-2013-1429",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "lintian",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "lintian",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.5.12"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
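Review bot: In 2013/1xxx/CVE-2013-1429.json the added `"version_value": "2.5.12"` marks 2.5.12 itself as affected, while the description added in the next hunk of the same file says "Lintian before 2.5.12", which makes 2.5.12 the first fixed release. Scanners that compare installed versions against this field would flag the patched version and miss the older ones. Assuming the description is the accurate side, the field should read `"version_value": "before 2.5.12"`, in the same form as the `2.6 before 2.6.23` value used for CVE-2007-3732 in this commit.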
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lintian before 2.5.12 allows remote attackers to gather information about the \"host\" system using crafted symlinks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Symbolic Link Following"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-1429",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-1429"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html",
+ "url": "https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1429.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1113881.html",
+ "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1113881.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636",
+ "url": "https://bugs.launchpad.net/ubuntu/+source/lintian/+bug/1169636"
 }
 ]
 }
diff --git a/2013/1xxx/CVE-2013-1751.json b/2013/1xxx/CVE-2013-1751.json
index 118e03bec3c..73f8babe828 100644
--- a/2013/1xxx/CVE-2013-1751.json
+++ b/2013/1xxx/CVE-2013-1751.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-1751",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "TWiki before 5.1.4 allows remote attackers to execute arbitrary shell commands by sending a crafted '%MAKETEXT{}%' parameter value containing Perl backtick characters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2013-1751",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2013-1751"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securitytracker.com/id/1028149",
+ "url": "http://www.securitytracker.com/id/1028149"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751",
+ "url": "https://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18818.json b/2019/18xxx/CVE-2019-18818.json
new file mode 100644
index 00000000000..0f0f5e2cfbd
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18818.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-18818",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/strapi/strapi/pull/4443",
+ "refsource": "MISC",
+ "name": "https://github.com/strapi/strapi/pull/4443"
+ },
+ {
+ "url": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5",
+ "refsource": "MISC",
+ "name": "https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9232.json b/2019/9xxx/CVE-2019-9232.json
index f5a5db7f91f..884b654be20 100644
--- a/2019/9xxx/CVE-2019-9232.json
+++ b/2019/9xxx/CVE-2019-9232.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9278.json b/2019/9xxx/CVE-2019-9278.json
index 2001ef35e27..781d4f8148a 100644
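Review bot: The new record 2019/18xxx/CVE-2019-18818.json says only that strapi "mishandles password resets" and leaves `problemtype` as `n/a`, so a reader cannot tell from the record what the flaw allows or whether authentication is needed, which is what triage and prioritisation depend on. Once confirmed against the referenced pull request, the description should state the consequence and the problem type should name the weakness. Both references point at the project's own repository yet carry `"refsource": "MISC"`, whereas the TWiki record in this commit tags its vendor advisory `"refsource": "CONFIRM"`; the same tag looks appropriate for the release link here. The file is also added without a trailing newline (`\ No newline at end of file`).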
--- a/2019/9xxx/CVE-2019-9278.json
+++ b/2019/9xxx/CVE-2019-9278.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9325.json b/2019/9xxx/CVE-2019-9325.json
index 0b09c9d532e..bdf27a051fd 100644
--- a/2019/9xxx/CVE-2019-9325.json
+++ b/2019/9xxx/CVE-2019-9325.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9371.json b/2019/9xxx/CVE-2019-9371.json
index a4350bd9881..271945274e7 100644
--- a/2019/9xxx/CVE-2019-9371.json
+++ b/2019/9xxx/CVE-2019-9371.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9423.json b/2019/9xxx/CVE-2019-9423.json
index 05a76722c7a..bad17f45ee9 100644
--- a/2019/9xxx/CVE-2019-9423.json
+++ b/2019/9xxx/CVE-2019-9423.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json
index 04262f09eac..37eb8c85072 100644
--- a/2019/9xxx/CVE-2019-9433.json
+++ b/2019/9xxx/CVE-2019-9433.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20191026 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
 "url": "http://www.openwall.com/lists/oss-security/2019/10/27/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191107 Re: Security fixes from Android 10 release which are relevant outside the Android ecosystem?",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/07/1"
 }
 ]
 },