diff --git a/2018/7xxx/CVE-2018-7213.json b/2018/7xxx/CVE-2018-7213.json index 9bfa953c891..3a3227cd3df 100644 --- a/2018/7xxx/CVE-2018-7213.json +++ b/2018/7xxx/CVE-2018-7213.json @@ -61,6 +61,11 @@ "name": "https://redcoded.com/2018/CVE/", "refsource": "MISC", "url": "https://redcoded.com/2018/CVE/" + }, + { + "refsource": "FULLDISC", + "name": "20190319 2FA & macOS Disk Encryption Bypass in Abine Blur 7.24* [CVE-2019-6481]", + "url": "http://seclists.org/fulldisclosure/2019/Mar/33" } ] } diff --git a/2019/1003xxx/CVE-2019-1003029.json b/2019/1003xxx/CVE-2019-1003029.json index d465bff1482..baf8feb3ecc 100644 --- a/2019/1003xxx/CVE-2019-1003029.json +++ b/2019/1003xxx/CVE-2019-1003029.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(1)" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003030.json b/2019/1003xxx/CVE-2019-1003030.json index eddaca7583c..1fa79be4455 100644 --- a/2019/1003xxx/CVE-2019-1003030.json +++ b/2019/1003xxx/CVE-2019-1003030.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1336%20(2)" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003031.json b/2019/1003xxx/CVE-2019-1003031.json index c115c7087a9..3d205473c5b 100644 --- a/2019/1003xxx/CVE-2019-1003031.json +++ b/2019/1003xxx/CVE-2019-1003031.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1339" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003032.json b/2019/1003xxx/CVE-2019-1003032.json index 81c06eceb36..e06f3fd2da0 100644 --- a/2019/1003xxx/CVE-2019-1003032.json +++ b/2019/1003xxx/CVE-2019-1003032.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1340" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003033.json b/2019/1003xxx/CVE-2019-1003033.json index 6d6e9073b75..b8aa2762096 100644 --- a/2019/1003xxx/CVE-2019-1003033.json +++ b/2019/1003xxx/CVE-2019-1003033.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1338" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003034.json b/2019/1003xxx/CVE-2019-1003034.json index 72bc8404aad..d984f985897 100644 --- a/2019/1003xxx/CVE-2019-1003034.json +++ b/2019/1003xxx/CVE-2019-1003034.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1342" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003035.json b/2019/1003xxx/CVE-2019-1003035.json index 3ec339459ba..05976140337 100644 --- a/2019/1003xxx/CVE-2019-1003035.json +++ b/2019/1003xxx/CVE-2019-1003035.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1330" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003036.json b/2019/1003xxx/CVE-2019-1003036.json index 8585ce0246e..cfa4b946ac8 100644 --- a/2019/1003xxx/CVE-2019-1003036.json +++ b/2019/1003xxx/CVE-2019-1003036.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1331" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003037.json b/2019/1003xxx/CVE-2019-1003037.json index a8498658058..b12b28eca1d 100644 --- a/2019/1003xxx/CVE-2019-1003037.json +++ b/2019/1003xxx/CVE-2019-1003037.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1332", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1332" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003038.json b/2019/1003xxx/CVE-2019-1003038.json index 124cbda99a1..796dce7a02d 100644 --- a/2019/1003xxx/CVE-2019-1003038.json +++ b/2019/1003xxx/CVE-2019-1003038.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-958" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1003xxx/CVE-2019-1003039.json b/2019/1003xxx/CVE-2019-1003039.json index a4c92c9f0be..334f90fb11f 100644 --- a/2019/1003xxx/CVE-2019-1003039.json +++ b/2019/1003xxx/CVE-2019-1003039.json @@ -58,6 +58,11 @@ "name": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087", "refsource": "CONFIRM", "url": "https://jenkins.io/security/advisory/2019-03-06/#SECURITY-1087" + }, + { + "refsource": "BID", + "name": "107476", + "url": "http://www.securityfocus.com/bid/107476" } ] } diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index e7433d22fc3..0501ba7ebd7 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json @@ -111,6 +111,11 @@ "name": "DSA-4400", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4400" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K18549143", + "url": "https://support.f5.com/csp/article/K18549143" } ] } diff --git a/2019/6xxx/CVE-2019-6116.json b/2019/6xxx/CVE-2019-6116.json index d639dcb5630..ebfcb06441d 100644 --- a/2019/6xxx/CVE-2019-6116.json +++ b/2019/6xxx/CVE-2019-6116.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6116", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,83 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "REDHAT", + "name": "RHSA-2019:0229", + "url": "https://access.redhat.com/errata/RHSA-2019:0229" + }, + { + "refsource": "BID", + "name": "106700", + "url": "http://www.securityfocus.com/bid/106700" + }, + { + "refsource": "UBUNTU", + "name": "USN-3866-1", + "url": "https://usn.ubuntu.com/3866-1/" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46242", + "url": "https://www.exploit-db.com/exploits/46242/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html" + }, + { + "url": "http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4372", + "url": "https://www.debian.org/security/2019/dsa-4372" + }, + { + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1729", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1729" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 29190123 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators", + "url": "http://www.openwall.com/lists/oss-security/2019/01/23/5" + }, + { + "refsource": "CONFIRM", + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=700317", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=700317" } ] } diff --git a/2019/6xxx/CVE-2019-6272.json b/2019/6xxx/CVE-2019-6272.json index 0bb7e284af6..2c649f18b36 100644 --- a/2019/6xxx/CVE-2019-6272.json +++ b/2019/6xxx/CVE-2019-6272.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6272", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "46179", + "url": "https://www.exploit-db.com/exploits/46179/" + }, + { + "url": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html" } ] } diff --git a/2019/6xxx/CVE-2019-6273.json b/2019/6xxx/CVE-2019-6273.json index 8d28d909261..b8f1f59c15c 100644 --- a/2019/6xxx/CVE-2019-6273.json +++ b/2019/6xxx/CVE-2019-6273.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6273", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "46179", + "url": "https://www.exploit-db.com/exploits/46179/" + }, + { + "url": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151207/GL-AR300M-Lite-2.2.7-Command-Injection-Directory-Traversal.html" } ] } diff --git a/2019/9xxx/CVE-2019-9877.json b/2019/9xxx/CVE-2019-9877.json new file mode 100644 index 00000000000..ab4a3d3f7f1 --- /dev/null +++ b/2019/9xxx/CVE-2019-9877.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9877", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/", + "refsource": "MISC", + "name": "https://research.loginsoft.com/bugs/invalid-memory-access-in-textpagefindgaps-xpdf-4-01/" + }, + { + "url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265", + "refsource": "MISC", + "name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265" + } + ] + } +} \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9878.json b/2019/9xxx/CVE-2019-9878.json new file mode 100644 index 00000000000..fb7aa4830d9 --- /dev/null +++ b/2019/9xxx/CVE-2019-9878.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-9878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kermitt2/pdfalto/issues/46", + "refsource": "MISC", + "name": "https://github.com/kermitt2/pdfalto/issues/46" + }, + { + "url": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/", + "refsource": "MISC", + "name": "https://research.loginsoft.com/bugs/invalid-memory-access-in-gfxindexedcolorspacemapcolortobase-pdfalto-0-2/" + } + ] + } +} \ No newline at end of file