From fea3073771aef6eabe969293ec3a766a51a2ca70 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 11 Apr 2019 17:00:44 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/15xxx/CVE-2018-15518.json | 10 ++++++
 2018/17xxx/CVE-2018-17305.json | 48 ++++++++++++++++++++++++++--
 2019/0xxx/CVE-2019-0211.json | 5 +++
 2019/0xxx/CVE-2019-0216.json | 5 +++
 2019/0xxx/CVE-2019-0229.json | 5 +++
 2019/1xxx/CVE-2019-1573.json | 5 +++
 2019/5xxx/CVE-2019-5672.json | 58 ++++++++++++++++++++++++++++++----
 2019/5xxx/CVE-2019-5673.json | 58 ++++++++++++++++++++++++++++++----
 2019/9xxx/CVE-2019-9193.json | 2 +-
 9 files changed, 179 insertions(+), 17 deletions(-)
diff --git a/2018/15xxx/CVE-2018-15518.json b/2018/15xxx/CVE-2018-15518.json
index 82cbf90fd0e..d45c0fe8a4c 100644
--- a/2018/15xxx/CVE-2018-15518.json
+++ b/2018/15xxx/CVE-2018-15518.json
@@ -76,6 +76,16 @@
 "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
 "refsource": "CONFIRM",
 "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
+ "url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://codereview.qt-project.org/#/c/236691/",
+ "url": "https://codereview.qt-project.org/#/c/236691/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17305.json b/2018/17xxx/CVE-2018-17305.json
index 7fd9bb4fbbb..4409f386223 100644
--- a/2018/17xxx/CVE-2018-17305.json
+++ b/2018/17xxx/CVE-2018-17305.json
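Review bot: In the CVE-2018-15518.json hunk, the first added reference repeats a URL the record already carries: the context lines just above list `https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/` with `"refsource": "CONFIRM"`, and the new entry lists the same URL as `"refsource": "MISC"`. Consumers that deduplicate references or weight them by `refsource` will see one vendor advisory twice with conflicting labels. I would drop the duplicate entry and keep only the new `https://codereview.qt-project.org/#/c/236691/` reference. The `reference_data` array begins outside the hunk, so other duplicates cannot be ruled out from here.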
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17305",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "UiPath Orchestrator through 2018.2.4 allows any authenticated user to change the information of arbitrary users (even administrators) leading to privilege escalation and remote code execution."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.uipath.com/product/release-notes/uipath-v2018.1.7",
+ "url": "https://www.uipath.com/product/release-notes/uipath-v2018.1.7"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0211.json b/2019/0xxx/CVE-2019-0211.json
index 4410e6416c1..765b40353f7 100644
--- a/2019/0xxx/CVE-2019-0211.json
+++ b/2019/0xxx/CVE-2019-0211.json
@@ -138,6 +138,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1190",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x?",
+ "url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3E"
 }
 ]
 },
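Review bot: In the first CVE-2018-17305.json hunk, the added `affects` block sets `vendor_name`, `product_name` and `version_value` all to `n/a`, although the description added in the second hunk of the same file names the product and a version bound ("UiPath Orchestrator through 2018.2.4"). Tooling that matches records on the structured fields rather than on free text will not associate this entry with the product. Assuming the description is accurate, I would set `"vendor_name": "UiPath"`, `"product_name": "Orchestrator"` and a `version_value` that expresses "through 2018.2.4". The `problemtype` value added in the second hunk is likewise `n/a` even though the description states "privilege escalation and remote code execution".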
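Review bot: In the second CVE-2018-17305.json hunk, the only reference added is the release-notes page for `uipath-v2018.1.7`, while the new description gives the affected range as "through 2018.2.4". From the record alone a reader cannot tell which release carries the fix, or whether 2018.1.7 is a fix on an older branch. I would either add a reference that covers the 2018.2.x line or state the fixed release(s) in the description; this is inferred from the visible strings only and should be confirmed against the vendor notes.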
diff --git a/2019/0xxx/CVE-2019-0216.json b/2019/0xxx/CVE-2019-0216.json
index 08459056fce..d2635fdfbb0 100644
--- a/2019/0xxx/CVE-2019-0216.json
+++ b/2019/0xxx/CVE-2019-0216.json
@@ -53,6 +53,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
 "url": "http://www.openwall.com/lists/oss-security/2019/04/10/6"
+ },
+ {
+ "refsource": "BID",
+ "name": "107869",
+ "url": "http://www.securityfocus.com/bid/107869"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0229.json b/2019/0xxx/CVE-2019-0229.json
index a3be208826b..67b6cd21823 100644
--- a/2019/0xxx/CVE-2019-0229.json
+++ b/2019/0xxx/CVE-2019-0229.json
@@ -53,6 +53,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190410 CVE-2019-0216, CVE-2019-0229 vulnerabilities affecting Apache Airflow <= 1.10.2 webserver component",
 "url": "http://www.openwall.com/lists/oss-security/2019/04/10/6"
+ },
+ {
+ "refsource": "BID",
+ "name": "107869",
+ "url": "http://www.securityfocus.com/bid/107869"
 }
 ]
 },
diff --git a/2019/1xxx/CVE-2019-1573.json b/2019/1xxx/CVE-2019-1573.json
index 8ed8e936d44..2a880f09116 100644
--- a/2019/1xxx/CVE-2019-1573.json
+++ b/2019/1xxx/CVE-2019-1573.json
@@ -53,6 +53,11 @@
 "refsource": "CERT-VN",
 "name": "VU#192371",
 "url": "https://www.kb.cert.org/vuls/id/192371"
+ },
+ {
+ "refsource": "BID",
+ "name": "107868",
+ "url": "http://www.securityfocus.com/bid/107868"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5672.json b/2019/5xxx/CVE-2019-5672.json
index e8e18455be8..5806570b1c8 100644
--- a/2019/5xxx/CVE-2019-5672.json
+++ b/2019/5xxx/CVE-2019-5672.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5672",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5672",
+ "ASSIGNER": "psirt@nvidia.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Nvidia",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jetson TX1 and TX2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< R28.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service, Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NVIDIA Linux for Tegra (L4T) contains a vulnerability where the Secure Shell (SSH) keys provided in the sample rootfs are not replaced by unique host keys after sample rootsfs generation and flashing, which may lead to information disclosure. The updates apply to all versions prior to and including R28.3."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5673.json b/2019/5xxx/CVE-2019-5673.json
index 114c6dd6fa7..d0f06ce0d1b 100644
--- a/2019/5xxx/CVE-2019-5673.json
+++ b/2019/5xxx/CVE-2019-5673.json
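Review bot: In the CVE-2019-5672.json hunk, `"version_value": "< R28.3"` excludes R28.3, but the description added at the end of the same hunk says the updates "apply to all versions prior to and including R28.3". One of the two is wrong, and automated matching on `version_data` would report a device on R28.3 as unaffected. If the description is authoritative, the value should read `"version_value": "<= R28.3"`. Separately, `problemtype` lists "Denial of Service, Information Disclosure" while this description mentions only information disclosure; the identical string appears in the CVE-2019-5673.json hunk, whose description mentions only denial of service, which suggests the value was shared across both records rather than set per issue.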
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5673",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5673",
+ "ASSIGNER": "psirt@nvidia.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Nvidia",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Jetson TX1 and TX2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "R28.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service, Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NVIDIA Tegra kernel driver contains a vulnerability in the ARM System Memory Management Unit (SMMU) where an improper check for a fault condition causes transactions to be discarded, which may lead to denial of service. The updates apply to all versions prior to and including R28.3."
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9193.json b/2019/9xxx/CVE-2019-9193.json
index edb93c083ea..1553930a03a 100644
--- a/2019/9xxx/CVE-2019-9193.json
+++ b/2019/9xxx/CVE-2019-9193.json
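Review bot: In the CVE-2019-5673.json hunk, `"version_value": "R28.3"` names a single release, whereas the description added in the same hunk says the updates "apply to all versions prior to and including R28.3". Matching on the structured field would flag only R28.3 and miss every earlier release the description covers. I would change it to `"version_value": "<= R28.3"`, using the same range notation as the CVE-2019-5672 record so the two entries from one advisory agree.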
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** DISPUTED ** Third parties claim/state this is not an issue because PostgreSQL functionality for \u2018COPY TO/FROM PROGRAM\u2019 is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the \u2018COPY FROM PROGRAM\u2019. Furthermore, members in 'pg_read_server_files' can run commands only if either the 'pg_execute_server_program' role or superuser are granted."
+ "value": "** DISPUTED ** In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS. NOTE: Third parties claim/state this is not an issue because PostgreSQL functionality for \u2018COPY TO/FROM PROGRAM\u2019 is acting as intended. References state that in PostgreSQL, a superuser can execute commands as the server user without using the \u2018COPY FROM PROGRAM\u2019. Furthermore, members in 'pg_read_server_files' can run commands only if either the 'pg_execute_server_program' role or superuser are granted."
 }
 ]
 },
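Review bot: The new opening sentence of the CVE-2019-9193 description says users in the 'pg_read_server_files' group can execute arbitrary code, while the NOTE retained in the same string says members of 'pg_read_server_files' can run commands only if 'pg_execute_server_program' or superuser is granted. An administrator auditing role grants from this text gets two different answers about which role is the one to restrict. If the NOTE is correct, the first sentence should name that role instead, e.g. `allows superusers and users in the 'pg_execute_server_program' group`. The string also quotes the same command name as `\"COPY TO/FROM PROGRAM\"` in one place and with `\u2018`/`\u2019` in another; one quoting style would read more cleanly.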