From f69287af7f68b66307c0189d12ded31bd2867881 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Tue, 5 Nov 2019 21:01:24 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2011/1xxx/CVE-2011-1133.json | 63 ++++++++++++++++++++++++++++++++--
 2011/1xxx/CVE-2011-1134.json | 63 ++++++++++++++++++++++++++++++++--
 2011/1xxx/CVE-2011-1135.json | 63 ++++++++++++++++++++++++++++++++--
 2018/15xxx/CVE-2018-15910.json | 5 +++
 2018/15xxx/CVE-2018-15911.json | 5 +++
 2018/16xxx/CVE-2018-16513.json | 5 +++
 2018/18xxx/CVE-2018-18284.json | 5 +++
 2018/19xxx/CVE-2018-19152.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19153.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19154.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19155.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19156.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19157.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19159.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19160.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19161.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19162.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19163.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19164.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19165.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19166.json | 53 ++++++++++++++++++++++++++--
 2018/19xxx/CVE-2018-19167.json | 53 ++++++++++++++++++++++++++--
 2018/20xxx/CVE-2018-20796.json | 5 +++
 2019/10xxx/CVE-2019-10084.json | 9 +++--
 2019/16xxx/CVE-2019-16284.json | 62 +++++++++++++++++++++++++++++++++
 2019/17xxx/CVE-2019-17624.json | 2 +-
 2019/5xxx/CVE-2019-5088.json | 58 +++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5089.json | 58 +++++++++++++++++++++++++++----
 2019/6xxx/CVE-2019-6142.json | 61 ++++++++++++++++++++++++++++----
 2019/9xxx/CVE-2019-9192.json | 5 +++
 30 files changed, 1204 insertions(+), 60 deletions(-)
 create mode 100644 2019/16xxx/CVE-2019-16284.json
diff --git a/2011/1xxx/CVE-2011-1133.json b/2011/1xxx/CVE-2011-1133.json
index f18f5ccacc4..95703bbef9e 100644
--- a/2011/1xxx/CVE-2011-1133.json
+++ b/2011/1xxx/CVE-2011-1133.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-1133",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "SECTRACK",
+ "name": "CVE-2011-1133",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-1133"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html",
+ "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/03/02/5",
+ "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "611661",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
 }
 ]
 }
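Review bot: The new `affects` block sets `product_name`, `version_value` and `vendor_name` to `"n/a"`, while the description added in the next hunk of this file names the Serendipity package before 1.5.5, so consumers that match on the structured fields will not associate this record with that package. If the affected product is as the description states, carry it in the structured data, e.g. `"product_name": "Serendipity"` and `"version_value": "before 1.5.5"`; the vendor is not stated on this page and would need confirming. The same all-`n/a` block is added in the first hunk of CVE-2011-1134, CVE-2011-1135 and CVE-2018-19152 through CVE-2018-19167.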
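Review bot: The new description pairs "Cross-Site Scripting (XSS)" with "execute arbitrary code", which reads as server-side code execution and can lead triage to over-rate the issue; if the flaw is XSS as stated, the impact is script injection in the victim's browser, e.g. `... allows remote attackers to inject arbitrary web script or HTML via plugins/ExtendedFileManager/backend.php.` The `problemtype` value is left at `"n/a"` where `"CWE-79"` would fit an XSS issue. The first reference tags a security-tracker.debian.org URL as `"refsource": "SECTRACK"`, a tag conventionally used for SecurityTracker.com entries, so `"refsource": "MISC"` looks more accurate. The same wording and tagging appear in the second hunk of CVE-2011-1134 and CVE-2011-1135.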
diff --git a/2011/1xxx/CVE-2011-1134.json b/2011/1xxx/CVE-2011-1134.json
index 186430adc8b..7ed6ab0924b 100644
--- a/2011/1xxx/CVE-2011-1134.json
+++ b/2011/1xxx/CVE-2011-1134.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-1134",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in the image manager."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html",
+ "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/03/02/5",
+ "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "611661",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
+ },
+ {
+ "refsource": "SECTRACK",
+ "name": "CVE-2011-1134",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-1134"
 }
 ]
 }
diff --git a/2011/1xxx/CVE-2011-1135.json b/2011/1xxx/CVE-2011-1135.json
index 8d27dc5449e..b8acfd22161 100644
--- a/2011/1xxx/CVE-2011-1135.json
+++ b/2011/1xxx/CVE-2011-1135.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2011-1135",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html",
+ "url": "https://blog.s9y.org/archives/224-Important-Security-Update-Serendipity-1.5.5-released.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/03/02/5",
+ "url": "https://www.openwall.com/lists/oss-security/2011/03/02/5"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "611661",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611661"
+ },
+ {
+ "refsource": "SECTRACK",
+ "name": "CVE-2011-1135",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2011-1135"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15910.json b/2018/15xxx/CVE-2018-15910.json
index 4139fc4d739..0d2ae0bb338 100644
--- a/2018/15xxx/CVE-2018-15910.json
+++ b/2018/15xxx/CVE-2018-15910.json
@@ -101,6 +101,11 @@
 "refsource": "CONFIRM",
 "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
 "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS",
+ "url": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS"
 }
 ]
 }
diff --git a/2018/15xxx/CVE-2018-15911.json b/2018/15xxx/CVE-2018-15911.json
index 5c2806d46c6..75aec6b73ce 100644
--- a/2018/15xxx/CVE-2018-15911.json
+++ b/2018/15xxx/CVE-2018-15911.json
@@ -101,6 +101,11 @@
 "refsource": "CONFIRM",
 "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
 "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS",
+ "url": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16513.json b/2018/16xxx/CVE-2018-16513.json
index 81fe36e0681..ea45e05f9da 100644
--- a/2018/16xxx/CVE-2018-16513.json
+++ b/2018/16xxx/CVE-2018-16513.json
@@ -91,6 +91,11 @@
 "refsource": "CONFIRM",
 "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101",
 "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS",
+ "url": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18284.json b/2018/18xxx/CVE-2018-18284.json
index 36db32ba8ef..1b61792dcdd 100644
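Review bot: The F5 reference added in CVE-2018-15910 keeps the feed's tracking query string (`?utm_source=f5support&utm_medium=RSS`) in both `name` and `url`, so the same advisory can end up recorded under several distinct URLs and reference de-duplication by URL will miss it. Store the canonical form, `"url": "https://support.f5.com/csp/article/K22141757"` with the matching `name`, assuming the article resolves without the parameters. The identical reference is added in the hunks for CVE-2018-15911, CVE-2018-16513 and CVE-2018-18284.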
--- a/2018/18xxx/CVE-2018-18284.json
+++ b/2018/18xxx/CVE-2018-18284.json
@@ -106,6 +106,11 @@
 "refsource": "BID",
 "name": "107451",
 "url": "http://www.securityfocus.com/bid/107451"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS",
+ "url": "https://support.f5.com/csp/article/K22141757?utm_source=f5support&utm_medium=RSS"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19152.json b/2018/19xxx/CVE-2018-19152.json
index bc815ccc322..76967b667d3 100644
--- a/2018/19xxx/CVE-2018-19152.json
+++ b/2018/19xxx/CVE-2018-19152.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19152",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "emercoin through 0.7 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19153.json b/2018/19xxx/CVE-2018-19153.json
index 2747f3042cf..59c2622f81a 100644
--- a/2018/19xxx/CVE-2018-19153.json
+++ b/2018/19xxx/CVE-2018-19153.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19153",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
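Review bot: The references added for CVE-2018-19152 include `http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf` over plain HTTP, so the document a reader fetches from this record has no transport integrity; use the `https://` form if the host serves it. `problemtype` is also left at `"n/a"` although the description states that the attack can fill the victim's disk and RAM, for which `"CWE-400"` would be a reasonable value. Both points apply equally to the second hunk of CVE-2018-19153 through CVE-2018-19166.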
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "particl through 0.17 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19154.json b/2018/19xxx/CVE-2018-19154.json
index 83623140b63..cb374c212eb 100644
--- a/2018/19xxx/CVE-2018-19154.json
+++ b/2018/19xxx/CVE-2018-19154.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19154",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "HTMLCOIN through 2.12 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19155.json b/2018/19xxx/CVE-2018-19155.json
index 28800d22927..836041aee7f 100644
--- a/2018/19xxx/CVE-2018-19155.json
+++ b/2018/19xxx/CVE-2018-19155.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19155",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "navcoin through 4.3.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19156.json b/2018/19xxx/CVE-2018-19156.json
index eb91a2ffb4b..3996ce1160a 100644
--- a/2018/19xxx/CVE-2018-19156.json
+++ b/2018/19xxx/CVE-2018-19156.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19156",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "PIVX through 3.1.03 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19157.json b/2018/19xxx/CVE-2018-19157.json
index 1b38787c1c5..11afe7d9fb8 100644
--- a/2018/19xxx/CVE-2018-19157.json
+++ b/2018/19xxx/CVE-2018-19157.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19157",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Phore through 1.3.3.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19159.json b/2018/19xxx/CVE-2018-19159.json
index 475470412ea..1f5b963a3a0 100644
--- a/2018/19xxx/CVE-2018-19159.json
+++ b/2018/19xxx/CVE-2018-19159.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19159",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "lux through 5.2.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19160.json b/2018/19xxx/CVE-2018-19160.json
index f589840ebb7..1c0389856a2 100644
--- a/2018/19xxx/CVE-2018-19160.json
+++ b/2018/19xxx/CVE-2018-19160.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19160",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Diamond through 3.0.1.2 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19161.json b/2018/19xxx/CVE-2018-19161.json
index e06fb9778c0..fa395514180 100644
--- a/2018/19xxx/CVE-2018-19161.json
+++ b/2018/19xxx/CVE-2018-19161.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19161",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "alqo through 4.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19162.json b/2018/19xxx/CVE-2018-19162.json
index 5c24e4f9e16..9931fc638e3 100644
--- a/2018/19xxx/CVE-2018-19162.json
+++ b/2018/19xxx/CVE-2018-19162.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19162",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Divi through 4.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19163.json b/2018/19xxx/CVE-2018-19163.json
index 1a4811e6e8d..0137fe082f6 100644
--- a/2018/19xxx/CVE-2018-19163.json
+++ b/2018/19xxx/CVE-2018-19163.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19163",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "stratisX through 2.0.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19164.json b/2018/19xxx/CVE-2018-19164.json
index f14d1b89c61..33625815512 100644
--- a/2018/19xxx/CVE-2018-19164.json
+++ b/2018/19xxx/CVE-2018-19164.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19164",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "reddcoin through 2.1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19165.json b/2018/19xxx/CVE-2018-19165.json
index 18dbd05ee08..b0b6eb313df 100644
--- a/2018/19xxx/CVE-2018-19165.json
+++ b/2018/19xxx/CVE-2018-19165.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19165",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "neblio through 1.5.1 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19166.json b/2018/19xxx/CVE-2018-19166.json
index 7fd370aed8a..fb130e34dd5 100644
--- a/2018/19xxx/CVE-2018-19166.json
+++ b/2018/19xxx/CVE-2018-19166.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19166",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "peercoin through 0.6.4 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19167.json b/2018/19xxx/CVE-2018-19167.json
index 102a383f993..95f849602e0 100644
--- a/2018/19xxx/CVE-2018-19167.json
+++ b/2018/19xxx/CVE-2018-19167.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19167",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "CloakCoin through 2.2.2.0 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
+ "refsource": "MISC",
+ "name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
+ },
+ {
+ "url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
+ "refsource": "MISC",
+ "name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20796.json b/2018/20xxx/CVE-2018-20796.json
index d1711547025..d65c1f861c2 100644
--- a/2018/20xxx/CVE-2018-20796.json
+++ b/2018/20xxx/CVE-2018-20796.json
@@ -71,6 +71,11 @@
 "name": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141",
 "refsource": "MISC",
 "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS",
+ "url": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10084.json b/2019/10xxx/CVE-2019-10084.json
index fed71e92d75..b5bd32729c5 100644
--- a/2019/10xxx/CVE-2019-10084.json
+++ b/2019/10xxx/CVE-2019-10084.json
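Review bot: The reference added in the CVE-2018-20796.json hunk stores the F5 article URL together with its feed-tracking query string (`?utm_source=f5support&utm_medium=RSS`) in both `name` and `url`. Those parameters are not part of the advisory's identity, so the same article can appear under two different strings when references are compared or deduplicated across records. `"url": "https://support.f5.com/csp/article/K26346590"` is presumably the canonical form and would be the safer value for both fields. The CVE-2019-9192.json hunk adds the identical reference.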
@@ -45,8 +45,13 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "name": "https://lists.apache.org/thread.html/ee73dd8dc38ac3b3b132c79c9a02cf9524af9aa11190474c0ebd1f13@%3Cdev.impala.apache.org%3E",
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191104 [CVE-2019-10084] privilege escalation by authenticated Apache Impala users",
+ "url": "http://www.openwall.com/lists/oss-security/2019/11/04/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[impala-dev] 20191104 [CVE-2019-10084] privilege escalation by authenticated Apache Impala users",
 "url": "https://lists.apache.org/thread.html/ee73dd8dc38ac3b3b132c79c9a02cf9524af9aa11190474c0ebd1f13@%3Cdev.impala.apache.org%3E"
 }
 ]
diff --git a/2019/16xxx/CVE-2019-16284.json b/2019/16xxx/CVE-2019-16284.json
new file mode 100644
index 00000000000..016142dc29c
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16284.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-16284",
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HP Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Multiple - See https://support.hp.com/rs-en/document/c06456250",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Multiple - See https://support.hp.com/rs-en/document/c06456250"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hp.com/rs-en/document/c06456250",
+ "url": "https://support.hp.com/rs-en/document/c06456250"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A potential security vulnerability has been identified in multiple HP products and versions which involves possible execution of arbitrary code during boot services that can result in elevation of privilege. The EFI_BOOT_SERVICES structure might be overwritten by an attacker to execute arbitrary SMM (System Management Mode) code. A list of affected products and versions are available in https://support.hp.com/rs-en/document/c06456250."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17624.json b/2019/17xxx/CVE-2019-17624.json
index 045c5a2c6d6..b76d75bbbca 100644
--- a/2019/17xxx/CVE-2019-17624.json
+++ b/2019/17xxx/CVE-2019-17624.json
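Review bot: In the new CVE-2019-16284 record, `product_name` and `version_value` both hold the sentence `Multiple - See https://support.hp.com/rs-en/document/c06456250` instead of product and version data, so nothing under `affects` can be matched against an asset inventory for this firmware-level issue. The pointer to the advisory is already carried by the description and by the `CONFIRM` reference, so the structured fields add no information as written. Listing the affected product families from the advisory would make the record usable; failing that, a short label in `product_name` avoids a URL being parsed as a product string. The file is also added without a trailing newline.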
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact."
+ "value": "\"\" In X.Org X Server 1.20.4, there is a stack-based buffer overflow in the function XQueryKeymap. For example, by sending ct.c_char 1000 times, an attacker can cause a denial of service (application crash) or possibly have unspecified other impact. Note: It is disputed if the X.Org X Server is involved or if there is a stack overflow."
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5088.json b/2019/5xxx/CVE-2019-5088.json
index ea49345e9e3..38326c408b5 100644
--- a/2019/5xxx/CVE-2019-5088.json
+++ b/2019/5xxx/CVE-2019-5088.json
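Review bot: The new description value for CVE-2019-17624 starts with a stray `\"\"` (an escaped empty pair of quotes) before `In X.Org X Server 1.20.4`, which consumers will render as a literal `""` at the head of the text. The same edit appends a dispute note, so the prefix looks like a mangled status marker; this data set marks reserved entries with `** RESERVED **`, and a `** DISPUTED **` prefix was presumably intended here, to be confirmed against the source record. As written, tooling that keys on a leading status marker will not see this entry as disputed and will treat the overflow claim as uncontested.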
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5088",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5088",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Investintech.com Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Able2Extract Professional",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.0.7 x64"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0880",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0880"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. Can trigger this vulnerability by sending the user a specially crafted BMP file."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5089.json b/2019/5xxx/CVE-2019-5089.json
index 02695ac93fb..ca273249fe4 100644
--- a/2019/5xxx/CVE-2019-5089.json
+++ b/2019/5xxx/CVE-2019-5089.json
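Review bot: The last sentence of the new CVE-2019-5088 description, `Can trigger this vulnerability by sending the user a specially crafted BMP file.`, has lost its subject, which leaves the delivery condition (a file the user has to receive and open) harder to read than it should be. `An attacker can trigger this vulnerability by sending the user a specially crafted BMP file.` restores it without changing the stated facts.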
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5089",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5089",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Investintech Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Able2Extract Professional",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "14.0.7 x64"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Integer overflow"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0881",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0881"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6142.json b/2019/6xxx/CVE-2019-6142.json
index 2330ccd734d..a30357186ee 100644
--- a/2019/6xxx/CVE-2019-6142.json
+++ b/2019/6xxx/CVE-2019-6142.json
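Review bot: The CVE-2019-5089 description names `Able2Extract Professional 4.0.7 x64`, while `version_value` in the same hunk is `14.0.7 x64`, and the sibling CVE-2019-5088 record uses 14.0.7 in both places. One of the two is wrong, most likely the description has dropped the leading `1`; anyone deciding exposure from the text alone would check the wrong release. `vendor_name` is also `Investintech Inc.` here but `Investintech.com Inc.` in CVE-2019-5088, so grouping by vendor splits two records for the same product. Both values should be aligned with the referenced Talos report.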
@@ -1,17 +1,64 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6142",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6142",
+ "ASSIGNER": "psirt@forcepoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Forcepoint",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Forcepoint Email Security",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "8.5"
+ },
+ {
+ "version_value": "8.5.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.forcepoint.com/KBArticle?id=000017691",
+ "url": "https://support.forcepoint.com/KBArticle?id=000017691"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue."
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9192.json b/2019/9xxx/CVE-2019-9192.json
index 9eb71becc25..09e69d2662a 100644
--- a/2019/9xxx/CVE-2019-9192.json
+++ b/2019/9xxx/CVE-2019-9192.json
@@ -56,6 +56,11 @@
 "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24269",
 "refsource": "MISC",
 "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24269"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS",
+ "url": "https://support.f5.com/csp/article/K26346590?utm_source=f5support&utm_medium=RSS"
 }
 ]
 }