From f17d95cf2019338a8e5c871a273e17e5b20202ef Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 22 Feb 2019 18:05:07 -0500 Subject: [PATCH] - Synchronized data. --- 2019/6xxx/CVE-2019-6485.json | 48 +++++++++++++++++++++- 2019/9xxx/CVE-2019-9020.json | 53 +++++++++++++++++++++++- 2019/9xxx/CVE-2019-9021.json | 48 +++++++++++++++++++++- 2019/9xxx/CVE-2019-9022.json | 48 +++++++++++++++++++++- 2019/9xxx/CVE-2019-9023.json | 78 +++++++++++++++++++++++++++++++++++- 2019/9xxx/CVE-2019-9024.json | 48 +++++++++++++++++++++- 2019/9xxx/CVE-2019-9025.json | 62 ++++++++++++++++++++++++++++ 7 files changed, 373 insertions(+), 12 deletions(-) create mode 100644 2019/9xxx/CVE-2019-9025.json diff --git a/2019/6xxx/CVE-2019-6485.json b/2019/6xxx/CVE-2019-6485.json index 5a9c67e09a3..3699bb30d30 100644 --- a/2019/6xxx/CVE-2019-6485.json +++ b/2019/6xxx/CVE-2019-6485.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-6485", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Citrix NetScaler Gateway 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 and Application Delivery Controller (ADC) 12.1 before build 50.31, 12.0 before build 60.9, 11.1 before build 60.14, 11.0 before build 72.17, and 10.5 before build 69.5 allow remote attackers to obtain sensitive plaintext information because of a TLS Padding Oracle Vulnerability when CBC-based cipher suites are enabled." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://support.citrix.com/article/CTX240139", + "refsource" : "MISC", + "url" : "https://support.citrix.com/article/CTX240139" } ] } diff --git a/2019/9xxx/CVE-2019-9020.json b/2019/9xxx/CVE-2019-9020.json index 713ba7da2f2..6c1b9b51934 100644 --- a/2019/9xxx/CVE-2019-9020.json +++ b/2019/9xxx/CVE-2019-9020.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9020", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in ext/xmlrpc/libxmlrpc/xml_element.c." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.php.net/bug.php?id=77242", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77242" + }, + { + "name" : "https://bugs.php.net/bug.php?id=77249", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77249" } ] } diff --git a/2019/9xxx/CVE-2019-9021.json b/2019/9xxx/CVE-2019-9021.json index 08dfa31d437..407fff0efdd 100644 --- a/2019/9xxx/CVE-2019-9021.json +++ b/2019/9xxx/CVE-2019-9021.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9021", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the file name, a different vulnerability than CVE-2018-20783. This is related to phar_detect_phar_fname_ext in ext/phar/phar.c." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.php.net/bug.php?id=77247", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77247" } ] } diff --git a/2019/9xxx/CVE-2019-9022.json b/2019/9xxx/CVE-2019-9022.json index 939e35b37b4..5bbd7461f1c 100644 --- a/2019/9xxx/CVE-2019-9022.json +++ b/2019/9xxx/CVE-2019-9022.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9022", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects php_parserr in ext/standard/dns.c for DNS_CAA and DNS_ANY queries." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.php.net/bug.php?id=77369", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77369" } ] } diff --git a/2019/9xxx/CVE-2019-9023.json b/2019/9xxx/CVE-2019-9023.json index 0e94b516af3..4441395cb5d 100644 --- a/2019/9xxx/CVE-2019-9023.json +++ b/2019/9xxx/CVE-2019-9023.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9023", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,58 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regexec.c, ext/mbstring/oniguruma/regparse.c, ext/mbstring/oniguruma/enc/unicode.c, and ext/mbstring/oniguruma/src/utf32_be.c when a multibyte regular expression pattern contains invalid multibyte sequences." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.php.net/bug.php?id=77370", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77370" + }, + { + "name" : "https://bugs.php.net/bug.php?id=77371", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77371" + }, + { + "name" : "https://bugs.php.net/bug.php?id=77381", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77381" + }, + { + "name" : "https://bugs.php.net/bug.php?id=77382", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77382" + }, + { + "name" : "https://bugs.php.net/bug.php?id=77385", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77385" + }, + { + "name" : "https://bugs.php.net/bug.php?id=77394", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77394" + }, + { + "name" : "https://bugs.php.net/bug.php?id=77418", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77418" } ] } diff --git a/2019/9xxx/CVE-2019-9024.json b/2019/9xxx/CVE-2019-9024.json index fdf5a90e896..44708863c4c 100644 --- a/2019/9xxx/CVE-2019-9024.json +++ b/2019/9xxx/CVE-2019-9024.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-9024", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.php.net/bug.php?id=77380", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77380" } ] } diff --git a/2019/9xxx/CVE-2019-9025.json b/2019/9xxx/CVE-2019-9025.json new file mode 100644 index 00000000000..f659d8c0598 --- /dev/null +++ b/2019/9xxx/CVE-2019-9025.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9025", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.php.net/bug.php?id=77367", + "refsource" : "MISC", + "url" : "https://bugs.php.net/bug.php?id=77367" + } + ] + } +}