From fd6c4bc9389b4c21b4f9b45127ccf3aa9b3fae0d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 27 Jan 2020 16:01:12 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2014/8xxx/CVE-2014-8161.json | 92 ++++++++++++++++++++++++++++++++-- 2014/9xxx/CVE-2014-9481.json | 65 ++++++++++++++++++++++-- 2015/0xxx/CVE-2015-0241.json | 92 ++++++++++++++++++++++++++++++++-- 2015/0xxx/CVE-2015-0242.json | 92 ++++++++++++++++++++++++++++++++-- 2015/0xxx/CVE-2015-0243.json | 92 ++++++++++++++++++++++++++++++++-- 2015/0xxx/CVE-2015-0244.json | 92 ++++++++++++++++++++++++++++++++-- 2015/0xxx/CVE-2015-0294.json | 60 ++++++++++++++++++++-- 2015/3xxx/CVE-2015-3154.json | 56 +++++++++++++++++++-- 2019/17xxx/CVE-2019-17190.json | 62 +++++++++++++++++++++++ 2019/1xxx/CVE-2019-1348.json | 50 ++++++++++++++++-- 2019/1xxx/CVE-2019-1353.json | 50 ++++++++++++++++-- 11 files changed, 773 insertions(+), 30 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17190.json diff --git a/2014/8xxx/CVE-2014-8161.json b/2014/8xxx/CVE-2014-8161.json index ffaa622c9b8..cdda87a59cd 100644 --- a/2014/8xxx/CVE-2014-8161.json +++ b/2014/8xxx/CVE-2014-8161.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8161", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2014/9xxx/CVE-2014-9481.json b/2014/9xxx/CVE-2014-9481.json index 4427a1877a5..586589d5825 100644 --- a/2014/9xxx/CVE-2014-9481.json +++ b/2014/9xxx/CVE-2014-9481.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2014-9481", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Scribunto", + "product": { + "product_data": [ + { + "product_name": "Scribunto", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/12/21/2", + "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/01/03/13", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T73167", + "url": "https://phabricator.wikimedia.org/T73167" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" } ] } diff --git a/2015/0xxx/CVE-2015-0241.json b/2015/0xxx/CVE-2015-0241.json index f044db482b3..3c984b7ac41 100644 --- a/2015/0xxx/CVE-2015-0241.json +++ b/2015/0xxx/CVE-2015-0241.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0241", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0242.json b/2015/0xxx/CVE-2015-0242.json index 926cb66e385..bb57903554c 100644 --- a/2015/0xxx/CVE-2015-0242.json +++ b/2015/0xxx/CVE-2015-0242.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0242", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0243.json b/2015/0xxx/CVE-2015-0243.json index 831b3b1346a..0b8f9748a49 100644 --- a/2015/0xxx/CVE-2015-0243.json +++ b/2015/0xxx/CVE-2015-0243.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0243", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0244.json b/2015/0xxx/CVE-2015-0244.json index e6100ae07ef..6d43ae3b9f0 100644 --- a/2015/0xxx/CVE-2015-0244.json +++ b/2015/0xxx/CVE-2015-0244.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0244", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0294.json b/2015/0xxx/CVE-2015-0294.json index 1126e760455..dd2c78248da 100644 --- a/2015/0xxx/CVE-2015-0294.json +++ b/2015/0xxx/CVE-2015-0294.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0294", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptography" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GnuTLS", + "product": { + "product_data": [ + { + "product_name": "GnuTLS", + "version": { + "version_data": [ + { + "version_value": "before 3.3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", + "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3191", + "url": "http://www.debian.org/security/2015/dsa-3191" } ] } diff --git a/2015/3xxx/CVE-2015-3154.json b/2015/3xxx/CVE-2015-3154.json index 34a98d79295..cd686a40498 100644 --- a/2015/3xxx/CVE-2015-3154.json +++ b/2015/3xxx/CVE-2015-3154.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3154", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CRLF Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zend Technologies", + "product": { + "product_data": [ + { + "product_name": "Zend Framework", + "version": { + "version_data": [ + { + "version_value": "before 1.12.12" + }, + { + "version_value": "2.x before 2.3.8" + }, + { + "version_value": "2.4.x before 2.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://framework.zend.com/security/advisory/ZF2015-04", + "url": "http://framework.zend.com/security/advisory/ZF2015-04" } ] } diff --git a/2019/17xxx/CVE-2019-17190.json b/2019/17xxx/CVE-2019-17190.json new file mode 100644 index 00000000000..528171f25f2 --- /dev/null +++ b/2019/17xxx/CVE-2019-17190.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\\Avast Software\\Browser\\Update\\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community", + "url": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1348.json b/2019/1xxx/CVE-2019-1348.json index 2bd0a3fb44b..010dc967d38 100644 --- a/2019/1xxx/CVE-2019-1348.json +++ b/2019/1xxx/CVE-2019-1348.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-1348", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft Corporation", + "product": { + "product_data": [ + { + "product_name": "Git", + "version": { + "version_data": [ + { + "version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", + "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." + "value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths." } ] } diff --git a/2019/1xxx/CVE-2019-1353.json b/2019/1xxx/CVE-2019-1353.json index eae853cad28..9a270f484a8 100644 --- a/2019/1xxx/CVE-2019-1353.json +++ b/2019/1xxx/CVE-2019-1353.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-1353", - "ASSIGNER": "cve@mitre.org", - "STATE": "REJECT" + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft Corporation", + "product": { + "product_data": [ + { + "product_name": "Git", + "version": { + "version_data": [ + { + "version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", + "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." + "value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active." } ] }