From f9a6d4a415ec355a6a4311bb59c6841250700bc1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 26 Mar 2019 14:00:44 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10063.json | 62 +++++++ 2019/6xxx/CVE-2019-6538.json | 311 +++------------------------------ 2019/9xxx/CVE-2019-9764.json | 48 ++++- 3 files changed, 133 insertions(+), 288 deletions(-) create mode 100644 2019/10xxx/CVE-2019-10063.json diff --git a/2019/10xxx/CVE-2019-10063.json b/2019/10xxx/CVE-2019-10063.json new file mode 100644 index 00000000000..e5f080b007d --- /dev/null +++ b/2019/10xxx/CVE-2019-10063.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10063", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Flatpak before 1.0.8, 1.1.x and 1.2.x before 1.2.4, and 1.3.x before 1.3.1 allows a sandbox bypass. Flatpak versions since 0.8.1 address CVE-2017-5226 by using a seccomp filter to prevent sandboxed apps from using the TIOCSTI ioctl, which could otherwise be used to inject commands into the controlling terminal so that they would be executed outside the sandbox after the sandboxed app exits. This fix was incomplete: on 64-bit platforms, the seccomp filter could be bypassed by an ioctl request number that has TIOCSTI in its 32 least significant bits and an arbitrary nonzero value in its 32 most significant bits, which the Linux kernel would treat as equivalent to TIOCSTI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/flatpak/flatpak/issues/2782", + "refsource": "MISC", + "name": "https://github.com/flatpak/flatpak/issues/2782" + } + ] + } +} \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6538.json b/2019/6xxx/CVE-2019-6538.json index 5269e29e5a5..3647cace3df 100644 --- a/2019/6xxx/CVE-2019-6538.json +++ b/2019/6xxx/CVE-2019-6538.json @@ -20,327 +20,61 @@ "version_data": [ { "version_value": "MyCareLink Monitor versions 24950 and 24952" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "CareLink Monitor version 2490C" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "CareLink 2090 Programmer" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Amplia CRT-D" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Claria CRT-D" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Compia CRT-D" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Concerto CRT-D" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Concerto II CRT-D" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Consulta CRT-D" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Evera ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Maximo II CRT-D and ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Mirro ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Nayamed ND ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Primo ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Protecta ICD and CRT-D" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Secura ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Virtuoso ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Virtuoso II ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Visia AF ICD" - } - ] - } - } - ] - } - }, - { - "vendor_name": "Medtronic", - "product": { - "product_data": [ - { - "product_name": "Medtronic Conexus Radio Frequency Telemetry Protocol", - "version": { - "version_data": [ + }, { "version_value": "Viva CRT-D" } @@ -368,7 +102,12 @@ "references": { "reference_data": [ { - "refsource": "MISC", + "refsource": "BID", + "name": "107544", + "url": "http://www.securityfocus.com/bid/107544" + }, + { + "refsource": "CONFIRM", "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01" } diff --git a/2019/9xxx/CVE-2019-9764.json b/2019/9xxx/CVE-2019-9764.json index b19ee613adf..d7793034dbd 100644 --- a/2019/9xxx/CVE-2019-9764.json +++ b/2019/9xxx/CVE-2019-9764.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9764", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hashicorp/consul/issues/5519", + "refsource": "MISC", + "name": "https://github.com/hashicorp/consul/issues/5519" } ] }