diff --git a/2019/16xxx/CVE-2019-16787.json b/2019/16xxx/CVE-2019-16787.json index 603c17cb5e3..2e7fc971679 100644 --- a/2019/16xxx/CVE-2019-16787.json +++ b/2019/16xxx/CVE-2019-16787.json @@ -1,110 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16787", - "STATE": "PUBLIC", - "TITLE": "NetHack: Privilege escalation/remote code execution/crash in configuration parsing" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "NetHack", - "version": { - "version_data": [ - { - "version_affected": "=", - "version_name": "= 3.6.0", - "version_value": "3.6.0" - }, - { - "version_affected": "=", - "version_name": "= 3.6.1", - "version_value": "3.6.1" - }, - { - "version_affected": "=", - "version_name": "= 3.6.2", - "version_value": "3.6.2" - }, - { - "version_affected": "=", - "version_name": "= 3.6.3", - "version_value": "3.6.3" - } - ] - } - } - ] - }, - "vendor_name": "NetHack" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16787", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "In NatHack between 3.6.0 and 3.6.3, a buffer overflow issue exists when reading very long lines from a NetHack configuration file (usually named .nethackrc). This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. All users are urged to upgrade to NetHack 3.6.4 as soon as possible." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-19905. Reason: This candidate is a duplicate of CVE-2019-19905. Notes: All CVE users should reference CVE-2019-19905 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "LOCAL", - "availabilityImpact": "LOW", - "baseScore": 7, - "baseSeverity": "HIGH", - "confidentialityImpact": "LOW", - "integrityImpact": "HIGH", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-269" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47", - "refsource": "MISC", - "url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47" - }, - { - "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5", - "refsource": "CONFIRM", - "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5" - }, - { - "name": "https://nethack.org/security/", - "refsource": "MISC", - "url": "https://nethack.org/security/" - } - ] - }, - "source": { - "advisory": "GHSA-3cm7-rgh5-9pq5", - "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19905.json b/2019/19xxx/CVE-2019-19905.json index 3acc80d52a5..cd62cf79f5e 100644 --- a/2019/19xxx/CVE-2019-19905.json +++ b/2019/19xxx/CVE-2019-19905.json @@ -66,6 +66,16 @@ "url": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47", "refsource": "MISC", "name": "https://github.com/NetHack/NetHack/commit/f001de79542b8c38b1f8e6d7eaefbbd28ab94b47" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-3cm7-rgh5-9pq5" + }, + { + "refsource": "MISC", + "name": "https://nethack.org/security/", + "url": "https://nethack.org/security/" } ] } diff --git a/2019/19xxx/CVE-2019-19923.json b/2019/19xxx/CVE-2019-19923.json new file mode 100644 index 00000000000..e0287c866ca --- /dev/null +++ b/2019/19xxx/CVE-2019-19923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19924.json b/2019/19xxx/CVE-2019-19924.json new file mode 100644 index 00000000000..572d5e7e53b --- /dev/null +++ b/2019/19xxx/CVE-2019-19924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19925.json b/2019/19xxx/CVE-2019-19925.json new file mode 100644 index 00000000000..f2fe2700d22 --- /dev/null +++ b/2019/19xxx/CVE-2019-19925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-19925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19926.json b/2019/19xxx/CVE-2019-19926.json new file mode 100644 index 00000000000..e13ab9300fa --- /dev/null +++ b/2019/19xxx/CVE-2019-19926.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-19926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", + "refsource": "MISC", + "name": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089" + } + ] + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2228.json b/2019/2xxx/CVE-2019-2228.json index dc15fb63088..206c1f7069a 100644 --- a/2019/2xxx/CVE-2019-2228.json +++ b/2019/2xxx/CVE-2019-2228.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://source.android.com/security/bulletin/2019-12-01", "url": "https://source.android.com/security/bulletin/2019-12-01" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20191222 [SECURITY] [DLA 2047-1] cups security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00030.html" } ] },