From f858e054d26b311b3e66d2a95b376d51ab4761bd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 10 Apr 2019 20:00:41 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2005/3xxx/CVE-2005-3590.json | 62 ++++++++++++++++++++++++++++++++++ 2006/7xxx/CVE-2006-7254.json | 62 ++++++++++++++++++++++++++++++++++ 2018/20xxx/CVE-2018-20244.json | 5 +++ 2019/0xxx/CVE-2019-0216.json | 58 +++++++++++++++++++++++++++---- 2019/0xxx/CVE-2019-0229.json | 58 +++++++++++++++++++++++++++---- 2019/11xxx/CVE-2019-11068.json | 62 ++++++++++++++++++++++++++++++++++ 2019/11xxx/CVE-2019-11069.json | 18 ++++++++++ 2019/6xxx/CVE-2019-6556.json | 58 +++++++++++++++++++++++++++---- 2019/9xxx/CVE-2019-9694.json | 58 +++++++++++++++++++++++++++---- 9 files changed, 413 insertions(+), 28 deletions(-) create mode 100644 2005/3xxx/CVE-2005-3590.json create mode 100644 2006/7xxx/CVE-2006-7254.json create mode 100644 2019/11xxx/CVE-2019-11068.json create mode 100644 2019/11xxx/CVE-2019-11069.json diff --git a/2005/3xxx/CVE-2005-3590.json b/2005/3xxx/CVE-2005-3590.json new file mode 100644 index 00000000000..f3d71571605 --- /dev/null +++ b/2005/3xxx/CVE-2005-3590.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-3590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The getgrouplist function in the GNU C library (glibc) before version 2.3.5, when invoked with a zero argument, writes to the passed pointer even if the specified array size is zero, leading to a buffer overflow and potentially allowing attackers to corrupt memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=661", + "refsource": "MISC", + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=661" + } + ] + } +} \ No newline at end of file diff --git a/2006/7xxx/CVE-2006-7254.json b/2006/7xxx/CVE-2006-7254.json new file mode 100644 index 00000000000..68d572f4ba8 --- /dev/null +++ b/2006/7xxx/CVE-2006-7254.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2006-7254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=2498", + "refsource": "MISC", + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=2498" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20244.json b/2018/20xxx/CVE-2018-20244.json index afa11e80933..fd560e76111 100644 --- a/2018/20xxx/CVE-2018-20244.json +++ b/2018/20xxx/CVE-2018-20244.json @@ -57,6 +57,11 @@ "name": "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[airflow-dev] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component", + "url": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E" } ] } diff --git a/2019/0xxx/CVE-2019-0216.json b/2019/0xxx/CVE-2019-0216.json index 03b7b2739f9..526b436f350 100644 --- a/2019/0xxx/CVE-2019-0216.json +++ b/2019/0xxx/CVE-2019-0216.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0216", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0216", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_value": "Apache Airflow <= 1.10.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E", + "url": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views." } ] } diff --git a/2019/0xxx/CVE-2019-0229.json b/2019/0xxx/CVE-2019-0229.json index b1124dfcb89..655e9e75d02 100644 --- a/2019/0xxx/CVE-2019-0229.json +++ b/2019/0xxx/CVE-2019-0229.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0229", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0229", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Airflow", + "version": { + "version_data": [ + { + "version_value": "Apache Airflow <= 1.10.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E", + "url": "https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A number of HTTP endpoints in the Airflow webserver (both RBAC and classic) did not have adequate protection and were vulnerable to cross-site request forgery attacks." } ] } diff --git a/2019/11xxx/CVE-2019-11068.json b/2019/11xxx/CVE-2019-11068.json new file mode 100644 index 00000000000..12ca51ade3d --- /dev/null +++ b/2019/11xxx/CVE-2019-11068.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-11068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6" + } + ] + } +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11069.json b/2019/11xxx/CVE-2019-11069.json new file mode 100644 index 00000000000..4bcb0bbaacf --- /dev/null +++ b/2019/11xxx/CVE-2019-11069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-11069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6556.json b/2019/6xxx/CVE-2019-6556.json index 3f8b6a22635..814355e8908 100644 --- a/2019/6xxx/CVE-2019-6556.json +++ b/2019/6xxx/CVE-2019-6556.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6556", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6556", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Omron", + "product": { + "product_data": [ + { + "product_name": "CX-Programmer within CX-One", + "version": { + "version_data": [ + { + "version_value": "CX-Programmer v9.70 and prior and Common Components January 2019 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE AFTER FREE CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-094-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application." } ] } diff --git a/2019/9xxx/CVE-2019-9694.json b/2019/9xxx/CVE-2019-9694.json index 88f95b40ae1..9d2250aef0b 100644 --- a/2019/9xxx/CVE-2019-9694.json +++ b/2019/9xxx/CVE-2019-9694.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9694", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9694", + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Symantec Endpoint Encryption", + "version": { + "version_data": [ + { + "version_value": "Prior to SEE 11.2.1 MP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/en_US/article.SYMSA1478.html", + "url": "https://support.symantec.com/en_US/article.SYMSA1478.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Encryption prior to SEE 11.2.1 MP1 may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user." } ] }