From 1393d76739aa1e4fd265c4a948ad845e6d95b0b0 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 4 Apr 2019 21:00:45 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/1000xxx/CVE-2018-1000613.json | 2 +-
 2018/19xxx/CVE-2018-19282.json | 53 ++++++++++++++++++++++++++++--
 2019/1xxx/CVE-2019-1543.json | 5 +++
 2019/6xxx/CVE-2019-6977.json | 5 +++
 2019/6xxx/CVE-2019-6978.json | 5 +++
 5 files changed, 67 insertions(+), 3 deletions(-)
diff --git a/2018/1000xxx/CVE-2018-1000613.json b/2018/1000xxx/CVE-2018-1000613.json
index afb9e47536f..5e11eea23f7 100644
--- a/2018/1000xxx/CVE-2018-1000613.json
+++ b/2018/1000xxx/CVE-2018-1000613.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs version prior to version 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code.. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application.. This vulnerability appears to have been fixed in 1.60 and later."
+ "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
 }
 ]
 },
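Review bot: The rewritten `value` narrows the affected range to "1.58 up to but not including 1.60", but this is the file's only hunk (the diffstat shows a single line changed), so the structured `affects` / `version_data` block is not updated with it. That block lies outside the hunk; if it still encodes the old "prior to 1.60" range, scanners that match on the structured fields rather than the prose will keep flagging releases before 1.58, so it should be checked against the new text. The sentence also keeps its submission-template seams (the vendor name twice, "can result in Deserializing … can result in", "This attack appear to be exploitable via A handcrafted private key"). Since the line is being touched anyway, a reading such as `This attack appears to be exploitable via a handcrafted private key that references unexpected classes on the application's class path.` would be clearer.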
diff --git a/2018/19xxx/CVE-2018-19282.json b/2018/19xxx/CVE-2018-19282.json
index 7b677095deb..3246353cd9c 100644
--- a/2018/19xxx/CVE-2018-19282.json
+++ b/2018/19xxx/CVE-2018-19282.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19282",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does not accept new connections, but keeps the current connections active, which can prevent legitimate users from recovering control."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-087-01"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdf",
+ "url": "https://applied-risk.com/application/files/4215/5385/2294/Advisory_AR2019004_Rockwell_Powerflex_525_Denial_of_Service.pdf"
 }
 ]
 }
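Review bot: The `affects` block added in the first hunk publishes `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description added in the second hunk names the vendor, product and version range. Tooling that matches advisories against an asset inventory reads the structured fields rather than the prose, so as written this record will not be matched to the affected drives. The fields could carry what the description already states: `"vendor_name": "Rockwell Automation"`, `"product_name": "PowerFlex 525 AC Drives"`, `"version_value": "5.001 and earlier"`. The same applies to the `problemtype` entry in the second hunk, where `"value": "n/a"` could read `"value": "Denial of service"`.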
diff --git a/2019/1xxx/CVE-2019-1543.json b/2019/1xxx/CVE-2019-1543.json
index f7b8bfc4c8d..894959ed86f 100644
--- a/2019/1xxx/CVE-2019-1543.json
+++ b/2019/1xxx/CVE-2019-1543.json
@@ -94,6 +94,11 @@
 "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ee22257b1418438ebaf54df98af4e24f494d1809",
 "refsource": "CONFIRM",
 "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ee22257b1418438ebaf54df98af4e24f494d1809"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1147",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00027.html"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6977.json b/2019/6xxx/CVE-2019-6977.json
index 583de3c2850..f720099163d 100644
--- a/2019/6xxx/CVE-2019-6977.json
+++ b/2019/6xxx/CVE-2019-6977.json
@@ -96,6 +96,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-201903-18",
 "url": "https://security.gentoo.org/glsa/201903-18"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1148",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6978.json b/2019/6xxx/CVE-2019-6978.json
index 60bc7ab97d1..24c2827d089 100644
--- a/2019/6xxx/CVE-2019-6978.json
+++ b/2019/6xxx/CVE-2019-6978.json
@@ -86,6 +86,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-201903-18",
 "url": "https://security.gentoo.org/glsa/201903-18"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:1148",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00025.html"
 }
 ]
 }
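Review bot: The SUSE reference added to CVE-2019-1543.json uses a plain `http://` link to lists.opensuse.org, and the hunks for CVE-2019-6977.json and CVE-2019-6978.json add the same kind of entry. Every neighbouring reference visible in these hunks is `https://`, and an advisory fetched over cleartext can be altered in transit before a reader or an automated fetcher sees it. Assuming the list archive serves the same paths over TLS, the first entry should read `"url": "https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00027.html"`, with the matching change to the `msg00025.html` links in the other two files.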