diff --git a/2016/8xxx/CVE-2016-8201.json b/2016/8xxx/CVE-2016-8201.json
index 035c9bb29b4..574505f5884 100644
--- a/2016/8xxx/CVE-2016-8201.json
+++ b/2016/8xxx/CVE-2016-8201.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114",
 "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44114"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005",
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10959.json b/2018/10xxx/CVE-2018-10959.json
index df7af398f99..b7cff079db0 100644
--- a/2018/10xxx/CVE-2018-10959.json
+++ b/2018/10xxx/CVE-2018-10959.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-10959",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
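Review bot: The added `affects` block for CVE-2018-10959 sets `product_name`, `version_value` and `vendor_name` all to `n/a`, although the description added in the following hunk names Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1. Tooling that matches on the structured fields rather than the free text will not associate this record with the product; populating them from the description, for example `"vendor_name": "Avecto"` and `"product_name": "Defendpoint"`, would close that gap. The same `"vendor_name": "n/a"` with the vendor folded into `product_name` recurs in the records for CVE-2018-13378, CVE-2018-4004 through CVE-2018-4007, CVE-2019-0228, CVE-2019-10947, -10949, -10951 and -10953, CVE-2019-8453 and CVE-2019-8455.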
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's process launch."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.linkedin.com/feed/update/urn:li:activity:6514328006666833920",
+ "refsource": "MISC",
+ "name": "https://www.linkedin.com/feed/update/urn:li:activity:6514328006666833920"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.linkedin.com/feed/update/urn:li:activity:6524111541913075712",
+ "url": "https://www.linkedin.com/feed/update/urn:li:activity:6524111541913075712"
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13378.json b/2018/13xxx/CVE-2018-13378.json
index 21efb5c2533..9e10d3772d6 100644
--- a/2018/13xxx/CVE-2018-13378.json
+++ b/2018/13xxx/CVE-2018-13378.json
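Review bot: Both entries in the new `reference_data` for CVE-2018-10959 are LinkedIn feed URLs tagged `MISC`, so the record has no vendor advisory or other durable source behind the description. Social-media posts can be edited, removed or gated behind a login, which would leave the stated fix versions (4.4 SR6, 5.1 SR1) unverifiable from the record. If a vendor advisory or release note exists, adding it as a further reference would help. The two entries also order their keys differently (`url` first versus `refsource` first), which is harmless but inconsistent.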
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-13378",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-13378",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiSIEM",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "FortiSIEM 5.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://fortiguard.com/advisory/FG-IR-18-382",
+ "url": "https://fortiguard.com/advisory/FG-IR-18-382"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability in Fortinet FortiSIEM 5.2.0 and below versions exposes the LDAP server plaintext password via the HTML source code."
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4004.json b/2018/4xxx/CVE-2018-4004.json
index a7d3b3690fc..53838783cf1 100644
--- a/2018/4xxx/CVE-2018-4004.json
+++ b/2018/4xxx/CVE-2018-4004.json
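Review bot: `"version_value": "FortiSIEM 5.2.0"` in the `affects` block of CVE-2018-13378 names a single release, while the new description says the issue affects "FortiSIEM 5.2.0 and below versions". A consumer reading only the structured field would treat earlier releases as unaffected. The value should carry the same range as the description, for example `"version_value": "5.2.0 and below"`, with the product name left to `product_name`.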
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-4004",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-4004",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Shimo VPN",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Shimo VPN 4.1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "local privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0673",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0673"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the disconnectService functionality. A non-root user is able to kill any privileged process on the system. An attacker would need local access to the machine for a successful exploit."
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4005.json b/2018/4xxx/CVE-2018-4005.json
index 5074b27a0b0..97282a19ba6 100644
--- a/2018/4xxx/CVE-2018-4005.json
+++ b/2018/4xxx/CVE-2018-4005.json
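Review bot: The problem type `"value": "local privilege escalation"` for CVE-2018-4004 does not match the effect the new description states, which is that a non-root user can kill any privileged process; that reads as a denial-of-service impact rather than a gain in privilege. The same free-text label is reused for CVE-2018-4007, whose description is deletion of any protected file. Giving each record a problem type that reflects its own stated effect, ideally as a CWE identifier with its name, would let consumers tell these four Shimo VPN records apart without parsing the prose.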
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-4005",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-4005",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Shimo VPN",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Shimo VPN 4.1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "local privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0674"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the configureRoutingWithCommand function. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit."
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4006.json b/2018/4xxx/CVE-2018-4006.json
index 2558fc17fd2..1932237d8e3 100644
--- a/2018/4xxx/CVE-2018-4006.json
+++ b/2018/4xxx/CVE-2018-4006.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-4006",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-4006",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Shimo VPN",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Shimo VPN 4.1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "local privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0675",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0675"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine to exploit it successfully."
 }
 ]
 }
diff --git a/2018/4xxx/CVE-2018-4007.json b/2018/4xxx/CVE-2018-4007.json
index 9cbc6957b07..5d8a979c94b 100644
--- a/2018/4xxx/CVE-2018-4007.json
+++ b/2018/4xxx/CVE-2018-4007.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-4007",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-4007",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Shimo VPN",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Shimo VPN 4.1.5.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "local privilege escalation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0676"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to successfully exploit the bug."
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7340.json b/2018/7xxx/CVE-2018-7340.json
index 541cfef8564..06e0619d4da 100644
--- a/2018/7xxx/CVE-2018-7340.json
+++ b/2018/7xxx/CVE-2018-7340.json
@@ -1,9 +1,40 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "security@duo.com",
 "ID": "CVE-2018-7340",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC",
+ "TITLE": " Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Duo Network Gateway",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_value": "1.2.9"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Duo Security"
+ }
+ ]
+ }
+ },
+ "credit": [
+ {
+ "lang": "eng",
+ "value": "Kelby Ludwig of Duo Security"
+ }
+ ],
 "data_format": "MITRE",
 "data_type": "CVE",
 "data_version": "4.0",
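Review bot: `"affected": "<"` with `"version_value": "1.2.9"` marks only releases before 1.2.9 as affected, but the description in the next hunk says "Duo Network Gateway 1.2.9 and earlier". One of the two is off by one release; if the description is right, the operator should be `"affected": "<="`. The new `TITLE` value also starts with a stray space (`" Multiple SAML libraries …"`) and speaks of multiple SAML libraries while the record covers a single product, so trimming it and scoping it to Duo Network Gateway would avoid confusing exact-match consumers.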
@@ -11,8 +42,53 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations",
+ "refsource": "MISC",
+ "name": "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations"
+ },
+ {
+ "url": "https://www.kb.cert.org/vuls/id/475445",
+ "refsource": "MISC",
+ "name": "https://www.kb.cert.org/vuls/id/475445"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "INTERNAL"
 }
 }
\ No newline at end of file
diff --git a/2019/0xxx/CVE-2019-0228.json b/2019/0xxx/CVE-2019-0228.json
index 98b6ee22f7b..86ccc102870 100644
--- a/2019/0xxx/CVE-2019-0228.json
+++ b/2019/0xxx/CVE-2019-0228.json
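Review bot: The CVSS block sets `"integrityImpact": "NONE"` (`I:N` in the vector), yet the description says an attacker may manipulate SAML data without invalidating the signature and bypass authentication, and the problem type is CWE-287. Tampering with signed assertions would normally be scored with a non-zero integrity impact, so the vector and `baseScore` are worth re-checking against the advisory. `"privilegesRequired": "LOW"` presumably reflects the need for an existing account, which the description does not mention. The description also reads "allowing the attack to potentially bypass", which looks like a typo for "attacker".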
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0228",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0228",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache PDFBox",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Apache PDFBox 2.0.14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XML External Entity (XXE) attacks"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/1a3756557f8cb02790b7183ccf7665ae23f608a421c4f723113bca79@%3Cusers.pdfbox.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/1a3756557f8cb02790b7183ccf7665ae23f608a421c4f723113bca79@%3Cusers.pdfbox.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10947.json b/2019/10xxx/CVE-2019-10947.json
index 170fe7317a3..01da4f34863 100644
--- a/2019/10xxx/CVE-2019-10947.json
+++ b/2019/10xxx/CVE-2019-10947.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10947",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Delta Industrial Automation CNCSoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "CNCSoft ScreenEditor Version 1.00.88 and prior."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "STACK-BASED BUFFER OVERFLOW CWE-121"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10949.json b/2019/10xxx/CVE-2019-10949.json
index f728c20d002..eafaa521fbc 100644
--- a/2019/10xxx/CVE-2019-10949.json
+++ b/2019/10xxx/CVE-2019-10949.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10949",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Delta Industrial Automation CNCSoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "CNCSoft ScreenEditor Version 1.00.88 and prior."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OUT-OF-BOUNDS READ CWE-125"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple out-of-bounds read vulnerabilities may be exploited, allowing information disclosure due to a lack of user input validation for processing specially crafted project files."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10951.json b/2019/10xxx/CVE-2019-10951.json
index 0102cf1ab6f..63fcb54ebde 100644
--- a/2019/10xxx/CVE-2019-10951.json
+++ b/2019/10xxx/CVE-2019-10951.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10951",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Delta Industrial Automation CNCSoft",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "CNCSoft ScreenEditor Version 1.00.88 and prior."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-01"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10953.json b/2019/10xxx/CVE-2019-10953.json
index 91d940cb306..35e1a337e24 100644
--- a/2019/10xxx/CVE-2019-10953.json
+++ b/2019/10xxx/CVE-2019-10953.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10953",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Multiple"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "UNCONTROLLED RESOURCE CONSUMPTION CWE-400"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-106-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets."
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1573.json b/2019/1xxx/CVE-2019-1573.json
index 2a880f09116..90de4ad0935 100644
--- a/2019/1xxx/CVE-2019-1573.json
+++ b/2019/1xxx/CVE-2019-1573.json
@@ -58,6 +58,11 @@
 "refsource": "BID",
 "name": "107868",
 "url": "http://www.securityfocus.com/bid/107868"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005",
+ "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0005"
 }
 ]
 },
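Review bot: `product_name` for CVE-2019-10953 packs five vendors into one string (`"ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers"`) with `"vendor_name": "n/a"` and `"version_value": "Multiple"`. None of the structured fields identifies a controller model or firmware range, so asset-matching tools cannot tell which devices the record applies to. Splitting `vendor_data` into one entry per vendor, with the affected models and versions taken from the ICSA-19-106-03 advisory, would make the record usable for that purpose.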
diff --git a/2019/5xxx/CVE-2019-5672.json b/2019/5xxx/CVE-2019-5672.json
index ef1fab6b0fe..776257c246a 100644
--- a/2019/5xxx/CVE-2019-5672.json
+++ b/2019/5xxx/CVE-2019-5672.json
@@ -11,7 +11,7 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Nvidia",
+ "vendor_name": "NVIDIA",
 "product": {
 "product_data": [
 {
@@ -19,7 +19,7 @@
 "version": {
 "version_data": [
 {
- "version_value": "< R28.3"
+ "version_value": "All versions prior to version R28.3"
 }
 ]
 }
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Denial of Service, Information Disclosure"
+ "value": "Information disclosure"
 }
 ]
 }
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3."
+ "value": "NVIDIA Jetson TX1 and TX2 contain a vulnerability in the Linux for Tegra (L4T) operating system (on all versions prior to R28.3) where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5673.json b/2019/5xxx/CVE-2019-5673.json
index c9ac8bff62b..67769bf2550 100644
--- a/2019/5xxx/CVE-2019-5673.json
+++ b/2019/5xxx/CVE-2019-5673.json
@@ -11,15 +11,15 @@
 "vendor": {
 "vendor_data": [
 {
- "vendor_name": "Nvidia",
+ "vendor_name": "NVIDIA",
 "product": {
 "product_data": [
 {
- "product_name": "Jetson TX1 and TX2",
+ "product_name": "Jetson TX2",
 "version": {
 "version_data": [
 {
- "version_value": "R28.3"
+ "version_value": "All versions prior to version R28.3"
 }
 ]
 }
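Review bot: The rewritten description for CVE-2019-5672 changes the stated range from "prior to and including R28.3" to "all versions prior to R28.3" without the record saying why R28.3 itself is no longer covered; the same wording change is made for CVE-2019-5673 in the hunks that follow. If R28.3 is the fixed release this is correct, but it should be confirmed against the NVIDIA bulletin, since it flips the status of R28.3 for anyone tracking these boards. The new sentence also keeps the typo "rootsfs" in "sample rootsfs generation and flashing", which should read `rootfs`.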
@@ -36,7 +36,7 @@
 "description": [
 {
 "lang": "eng",
- "value": "Denial of Service, Information Disclosure"
+ "value": "Denial of service"
 }
 ]
 }
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "NVIDIA Jetson TX2 contains a vulnerability in the kernel driver where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service. The updates apply to all versions prior to and including R28.3."
+ "value": "NVIDIA Jetson TX2 contains a vulnerability in the kernel driver (on all versions prior to R28.3) where the ARM System Memory Management Unit (SMMU) improperly checks for a fault condition, causing transactions to be discarded, which may lead to denial of service."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6150.json b/2019/6xxx/CVE-2019-6150.json
index c162c3b0392..b3dc1f87dea 100644
--- a/2019/6xxx/CVE-2019-6150.json
+++ b/2019/6xxx/CVE-2019-6150.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6150",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6150",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6151.json b/2019/6xxx/CVE-2019-6151.json
index 863848eb3d1..c6038e1b666 100644
--- a/2019/6xxx/CVE-2019-6151.json
+++ b/2019/6xxx/CVE-2019-6151.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6151",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6151",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6152.json b/2019/6xxx/CVE-2019-6152.json
index bb8e04d41c1..63d9f7163b5 100644
--- a/2019/6xxx/CVE-2019-6152.json
+++ b/2019/6xxx/CVE-2019-6152.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6152",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6152",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6153.json b/2019/6xxx/CVE-2019-6153.json
index f82617c5ec3..a5ed212cd30 100644
--- a/2019/6xxx/CVE-2019-6153.json
+++ b/2019/6xxx/CVE-2019-6153.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-6153",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-6153",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8453.json b/2019/8xxx/CVE-2019-8453.json
index ab37617b853..d70da3680ad 100644
--- a/2019/8xxx/CVE-2019-8453.json
+++ b/2019/8xxx/CVE-2019-8453.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8453",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8453",
+ "ASSIGNER": "cve@checkpoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Check Point ZoneAlarm",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "up to 15.4.062"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-114"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960",
+ "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Some of the DLLs loaded by Check Point ZoneAlarm up to 15.4.062 are taken from directories where all users have write permissions. This can allow a local attacker to replace a DLL file with a malicious one and cause Denial of Service to the client."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8455.json b/2019/8xxx/CVE-2019-8455.json
index eb7a275b0ef..4c0ccbb3ed6 100644
--- a/2019/8xxx/CVE-2019-8455.json
+++ b/2019/8xxx/CVE-2019-8455.json
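Review bot: `"version_value": "up to 15.4.062"` and the description disagree in digits with the record's only reference, whose anchor is `#15.4.260.17960`; one of the two may be transposed, and "up to" does not say whether the boundary release is itself affected. The problem type is the bare identifier `CWE-114` with no name, and CVE-2019-8455 in the next file does the same with `CWE-65`; adding the CWE title makes the field readable without a lookup. The description limits the impact of a replaced DLL to denial of service, which is worth confirming with the CNA because a replaced library is loaded and run by the process that loads it.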
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8455",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8455",
+ "ASSIGNER": "cve@checkpoint.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Check Point ZoneAlarm",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "up to 15.4.062"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-65"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960",
+ "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file."
 }
 ]
 }