diff --git a/2016/10xxx/CVE-2016-10741.json b/2016/10xxx/CVE-2016-10741.json
index fbc995242be..792f91120f8 100644
--- a/2016/10xxx/CVE-2016-10741.json
+++ b/2016/10xxx/CVE-2016-10741.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2017/13xxx/CVE-2017-13305.json b/2017/13xxx/CVE-2017-13305.json
index 0a266c16f83..fae62e97a0b 100644
--- a/2017/13xxx/CVE-2017-13305.json
+++ b/2017/13xxx/CVE-2017-13305.json
@@ -87,6 +87,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2017/5xxx/CVE-2017-5753.json b/2017/5xxx/CVE-2017-5753.json
index 2f352de5746..6d5d9016ff4 100644
--- a/2017/5xxx/CVE-2017-5753.json
+++ b/2017/5xxx/CVE-2017-5753.json
@@ -357,6 +357,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2017/8xxx/CVE-2017-8023.json b/2017/8xxx/CVE-2017-8023.json
index b0bdda4896c..3b552041d14 100644
--- a/2017/8xxx/CVE-2017-8023.json
+++ b/2017/8xxx/CVE-2017-8023.json
@@ -1,98 +1,99 @@
-{
- "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2019-03-26T04:00:00.000Z",
- "ID": "CVE-2017-8023",
- "STATE": "PUBLIC",
- "TITLE": "EMC Networker Remote Code Execution Vulnerability"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Networker",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "8.2.X"
- },
- {
- "version_affected": "=",
- "version_value": "9.0.X"
- },
- {
- "version_affected": "<",
- "version_value": "9.1.15"
- },
- {
- "version_affected": "<",
- "version_value": "9.2.1"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "Dell EMC"
- }
- ]
- }
- },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges."
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.0.6"
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "Remote Code Execution Vulnerability"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "FULLDISC",
- "url": "https://seclists.org/fulldisclosure/2019/Mar/50"
- }
- ]
- },
- "source": {
- "discovery": "UNKNOWN"
- }
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2019-03-26T04:00:00.000Z",
+ "ID": "CVE-2017-8023",
+ "STATE": "PUBLIC",
+ "TITLE": "EMC Networker Remote Code Execution Vulnerability"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Networker",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "8.2.X"
+ },
+ {
+ "version_affected": "=",
+ "version_value": "9.0.X"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "9.1.15"
+ },
+ {
+ "version_affected": "<",
+ "version_value": "9.2.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Dell EMC"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. 
An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges."
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://seclists.org/fulldisclosure/2019/Mar/50",
+ "name": "https://seclists.org/fulldisclosure/2019/Mar/50"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ }
 }
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10237.json b/2018/10xxx/CVE-2018-10237.json
index f268f07c836..927f39b2bac 100644
--- a/2018/10xxx/CVE-2018-10237.json
+++ b/2018/10xxx/CVE-2018-10237.json
@@ -116,6 +116,16 @@
 "name": "RHSA-2018:2743",
 "refsource": "REDHAT",
 "url": "https://access.redhat.com/errata/RHSA-2018:2743"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hadoop-hdfs-dev] 20190401 Update guava to 27.0-jre in hadoop-project",
+ "url": "https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc49bc431ed922f3cc@%3Chdfs-dev.hadoop.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[hadoop-common-dev] 20190401 Update guava to 27.0-jre in hadoop-project",
+ "url": "https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49a5cf81ae4f807495@%3Ccommon-dev.hadoop.apache.org%3E"
 }
 ]
 }
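Review bot: In the `version_data` array of CVE-2017-8023.json the two `"version_affected": "<"` entries (`9.1.15` and `9.2.1`) have no lower bound, so a consumer that evaluates each entry on its own will also match 9.1.x builds at or above 9.1.15 (they are below 9.2.1) and every older release line; the rewrite carries them over unchanged. If the intent is "9.1.x before 9.1.15" and "9.2.x before 9.2.1", each entry should say so, for example with a `version_name` such as `"9.1.x"` next to the bound. The reference entry changes `refsource` from `FULLDISC` to `MISC` and fills `name` with the URL, which drops the source classification for the seclists.org link. Every line of the file is marked as changed although only `ASSIGNER` and the reference entry differ, which looks like a line-ending rewrite and makes the two real changes hard to spot in review.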
diff --git a/2018/12xxx/CVE-2018-12896.json b/2018/12xxx/CVE-2018-12896.json
index 419d1e8f59b..ca1616c8f67 100644
--- a/2018/12xxx/CVE-2018-12896.json
+++ b/2018/12xxx/CVE-2018-12896.json
@@ -111,6 +111,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13053.json b/2018/13xxx/CVE-2018-13053.json
index 7a375646611..6420ff376a8 100644
--- a/2018/13xxx/CVE-2018-13053.json
+++ b/2018/13xxx/CVE-2018-13053.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16862.json b/2018/16xxx/CVE-2018-16862.json
index b0c70bb4348..75c2d0cddc7 100644
--- a/2018/16xxx/CVE-2018-16862.json
+++ b/2018/16xxx/CVE-2018-16862.json
@@ -101,6 +101,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16884.json b/2018/16xxx/CVE-2018-16884.json
index bdc31ab5321..3b65593930f 100644
--- a/2018/16xxx/CVE-2018-16884.json
+++ b/2018/16xxx/CVE-2018-16884.json
@@ -86,6 +86,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17563.json b/2018/17xxx/CVE-2018-17563.json
index ccc5d581d04..3469ccf3c85 100644
--- a/2018/17xxx/CVE-2018-17563.json
+++ b/2018/17xxx/CVE-2018-17563.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17563",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
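Review bot: The `affects` block added to CVE-2018-17563.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, although the description added in the file's second hunk names the vendor, the model and the firmware version. Asset-matching tools that read only the structured fields will not associate this record with the affected phones. The values already on the page could be used: `"vendor_name": "Grandstream"`, `"product_name": "GXP16xx"`, `"version_value": "1.0.4.128"`. The same `"n/a"` block is added in CVE-2018-17564, CVE-2018-17565, CVE-2018-17989, CVE-2018-17990 and CVE-2018-19113, each of which also names its product in the description.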
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Malformed Input String to /cgi-bin/api-get_line_status on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to dump the device's configuration in cleartext."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://grandstream.com/support/firmware",
+ "refsource": "MISC",
+ "name": "http://grandstream.com/support/firmware"
+ },
+ {
+ "url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/",
+ "refsource": "MISC",
+ "name": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17564.json b/2018/17xxx/CVE-2018-17564.json
index d24aa8ced0f..0ce0ff424cd 100644
--- a/2018/17xxx/CVE-2018-17564.json
+++ b/2018/17xxx/CVE-2018-17564.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17564",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
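Review bot: The description added to CVE-2018-17563.json names firmware 1.0.4.128 as affected, but neither it nor the two references says which firmware release fixes the issue; `http://grandstream.com/support/firmware` looks like a general download page rather than an advisory. Someone who has to patch these phones needs either a "before X" bound in the description or a link to a vendor advisory. Both added references use plain `http://`; if the sites also serve HTTPS, the `https://` form is the safer link to publish. The second hunks of CVE-2018-17564 and CVE-2018-17565 add the same pair of references and have the same gap.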
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Malformed Input String to /cgi-bin/delete_CA on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to delete configuration parameters and gain admin access to the device."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://grandstream.com/support/firmware",
+ "refsource": "MISC",
+ "name": "http://grandstream.com/support/firmware"
+ },
+ {
+ "url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/",
+ "refsource": "MISC",
+ "name": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17565.json b/2018/17xxx/CVE-2018-17565.json
index b92447ceae7..1e4bb118fef 100644
--- a/2018/17xxx/CVE-2018-17565.json
+++ b/2018/17xxx/CVE-2018-17565.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17565",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Shell Metacharacter Injection in the SSH configuration interface on Grandstream GXP16xx VoIP 1.0.4.128 phones allows attackers to execute arbitrary system commands and gain a root shell."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://grandstream.com/support/firmware",
+ "refsource": "MISC",
+ "name": "http://grandstream.com/support/firmware"
+ },
+ {
+ "url": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/",
+ "refsource": "MISC",
+ "name": "http://www.iridiumxor.blog/2019/01/three-simple-cves-for-a-good-voip-phone/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17972.json b/2018/17xxx/CVE-2018-17972.json
index 251db48d583..32ab2024a53 100644
--- a/2018/17xxx/CVE-2018-17972.json
+++ b/2018/17xxx/CVE-2018-17972.json
@@ -131,6 +131,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17989.json b/2018/17xxx/CVE-2018-17989.json
index d5f9917c657..8f0940a63be 100644
--- a/2018/17xxx/CVE-2018-17989.json
+++ b/2018/17xxx/CVE-2018-17989.json
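Review bot: In the second hunk of CVE-2018-17565.json `problemtype` is added with the value `"n/a"`, even though the description in the same hunk states the weakness class outright (shell metacharacter injection leading to command execution). A CWE label lets consumers filter and prioritise records, e.g. `"value": "CWE-78: OS Command Injection"`, in the same style as the `CWE-89: SQL Injection` value in CVE-2019-3792.json on this page. CVE-2018-17990 (OS command injection) and CVE-2018-17989 (stored XSS, which maps to CWE-79) are published with the same `"n/a"` problem type.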
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17989",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored XSS vulnerability exists in the web interface on D-Link DSL-3782 devices with firmware 1.01 that allows authenticated attackers to inject a JavaScript or HTML payload inside the ACL page. The injected payload would be executed in a user's browser when \"/cgi-bin/New_GUI/Acl.asp\" is requested."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/",
+ "refsource": "MISC",
+ "name": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/"
 }
 ]
 }
diff --git a/2018/17xxx/CVE-2018-17990.json b/2018/17xxx/CVE-2018-17990.json
index 5ceb8858af3..be17382c450 100644
--- a/2018/17xxx/CVE-2018-17990.json
+++ b/2018/17xxx/CVE-2018-17990.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-17990",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,28 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered on D-Link DSL-3782 devices with firmware 1.01. An OS command injection vulnerability in Acl.asp allows a remote authenticated attacker to execute arbitrary OS commands via the ScrIPaddrEndTXT parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/",
+ "refsource": "MISC",
+ "name": "https://c0mix.github.io/2019/D-Link-DIR-3782-SecAdvisory-OS-Command-Injection-and-Stored-XSS/"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18281.json b/2018/18xxx/CVE-2018-18281.json
index 00852ec2c22..146564ab5e8 100644
--- a/2018/18xxx/CVE-2018-18281.json
+++ b/2018/18xxx/CVE-2018-18281.json
@@ -146,6 +146,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18690.json b/2018/18xxx/CVE-2018-18690.json
index 0041f64cf51..33282b2666f 100644
--- a/2018/18xxx/CVE-2018-18690.json
+++ b/2018/18xxx/CVE-2018-18690.json
@@ -121,6 +121,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/18xxx/CVE-2018-18710.json b/2018/18xxx/CVE-2018-18710.json
index 9ba6f1ec6ac..c54b73b39b2 100644
--- a/2018/18xxx/CVE-2018-18710.json
+++ b/2018/18xxx/CVE-2018-18710.json
@@ -116,6 +116,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19113.json b/2018/19xxx/CVE-2018-19113.json
index bc9b3ec3c75..33ec7fb1b28 100644
--- a/2018/19xxx/CVE-2018-19113.json
+++ b/2018/19xxx/CVE-2018-19113.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2018-19113",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has \"BUILTIN\\Users:(I)(F)\" permissions for the \"%PROGRAMFILES(X86)%\\proNestor\\Outlook add-in for Pronestor\\PronestorHealthMonitor.exe\" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.pronestor.com",
+ "refsource": "MISC",
+ "name": "https://www.pronestor.com"
+ },
+ {
+ "url": "https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28",
+ "refsource": "MISC",
+ "name": "https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19824.json b/2018/19xxx/CVE-2018-19824.json
index 18e555e602a..a8814b6b2c8 100644
--- a/2018/19xxx/CVE-2018-19824.json
+++ b/2018/19xxx/CVE-2018-19824.json
@@ -91,6 +91,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K98155950",
 "url": "https://support.f5.com/csp/article/K98155950"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19985.json b/2018/19xxx/CVE-2018-19985.json
index f7a4845c8a7..c8eee05d06d 100644
--- a/2018/19xxx/CVE-2018-19985.json
+++ b/2018/19xxx/CVE-2018-19985.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20169.json b/2018/20xxx/CVE-2018-20169.json
index f0cae6ce8e0..0213b604350 100644
--- a/2018/20xxx/CVE-2018-20169.json
+++ b/2018/20xxx/CVE-2018-20169.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20511.json b/2018/20xxx/CVE-2018-20511.json
index f1d759d275b..704c970b0f0 100644
--- a/2018/20xxx/CVE-2018-20511.json
+++ b/2018/20xxx/CVE-2018-20511.json
@@ -81,6 +81,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3639.json b/2018/3xxx/CVE-2018-3639.json
index 43085900906..e83cfcafb20 100644
--- a/2018/3xxx/CVE-2018-3639.json
+++ b/2018/3xxx/CVE-2018-3639.json
@@ -722,6 +722,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/3xxx/CVE-2018-3979.json b/2018/3xxx/CVE-2018-3979.json
index 6ad8c60baa3..7b520ee67d6 100644
--- a/2018/3xxx/CVE-2018-3979.json
+++ b/2018/3xxx/CVE-2018-3979.json
@@ -1,17 +1,64 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-3979",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-3979",
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Nouveau",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Nouveau",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64)"
+ },
+ {
+ "version_value": "Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload)"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "denial of service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0647"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote denial-of-service vulnerability exists in the way the Nouveau Display Driver (the default Ubuntu Nvidia display driver) handles GPU shader execution. A specially crafted pixel shader can cause remote denial-of-service issues. An attacker can provide a specially crafted website to trigger this vulnerability. This vulnerability can be triggered remotely after the user visits a malformed website. No further user interaction is required. 
Vulnerable versions include Ubuntu 18.04 LTS (linux 4.15.0-29-generic x86_64), Nouveau Display Driver NV117 (vermagic: 4.15.0-29-generic SMP mod_unload)."
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5848.json b/2018/5xxx/CVE-2018-5848.json
index e6c207bede8..3231648dcfa 100644
--- a/2018/5xxx/CVE-2018-5848.json
+++ b/2018/5xxx/CVE-2018-5848.json
@@ -82,6 +82,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/5xxx/CVE-2018-5953.json b/2018/5xxx/CVE-2018-5953.json
index 050742de634..59d45eccb6a 100644
--- a/2018/5xxx/CVE-2018-5953.json
+++ b/2018/5xxx/CVE-2018-5953.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7447.json b/2018/7xxx/CVE-2018-7447.json
index 162be09bc00..2a17bdcc9db 100644
--- a/2018/7xxx/CVE-2018-7447.json
+++ b/2018/7xxx/CVE-2018-7447.json
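Review bot: The two `version_value` strings added under product `Nouveau` in CVE-2018-3979.json describe a test environment (an Ubuntu release with its kernel build, and a driver/GPU identifier with a vermagic string) rather than a range of affected driver versions. As written, the record gives no way to tell whether other kernels or distributions are affected, and it names no fixed version. If only that one configuration was tested, saying so in the description and keeping `version_value` to the kernel or driver version would be clearer for anyone matching the record against installed systems. `problemtype` is free text (`denial of service`) where a CWE identifier would make it filterable. The hunk also reorders the top-level keys, which enlarges the diff without changing content.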
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable."
+ "value": "** DISPUTED ** mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. The 'Title' and 'Subtitle' fields of the 'Blog' page are vulnerable. NOTE: The software maintainer disputes this as a vulnerability because the fields claimed to be vulnerable to XSS are only available to administrators who are supposed to have access to add scripts."
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3701.json b/2019/3xxx/CVE-2019-3701.json
index 7091b4cf567..b5f4304567d 100644
--- a/2019/3xxx/CVE-2019-3701.json
+++ b/2019/3xxx/CVE-2019-3701.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3792.json b/2019/3xxx/CVE-2019-3792.json
index cc22d770f32..a657a78e0b7 100644
--- a/2019/3xxx/CVE-2019-3792.json
+++ b/2019/3xxx/CVE-2019-3792.json
@@ -1 +1,85 @@
-{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@dell.com","DATE_PUBLIC":"2019-03-26T00:18:10.000Z","ID":"CVE-2019-3792","STATE":"PUBLIC","TITLE":"Concourse 5.0.0 SQL Injection vulnerability"},"source":{"discovery":"UNKNOWN"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Concourse","version":{"version_data":[{"affected":"<","version_name":"All","version_value":"v5.0.1"}]}}]},"vendor_name":"Pivotal"}]}},"description":{"description_data":[{"lang":"eng","value":"Pivotal Concourse versions prior to 5.0.1, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-89: SQL Injection"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","url":"https://pivotal.io/security/cve-2019-3792","name":"https://pivotal.io/security/cve-2019-3792"}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":6.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H","version":"3.0"}}}
\ No newline at end of file
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2019-03-26T00:18:10.000Z",
+ "ID": "CVE-2019-3792",
+ "STATE": "PUBLIC",
+ "TITLE": "Concourse 5.0.0 SQL Injection vulnerability"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Concourse",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": 
"All",
+ "version_value": "v5.0.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Pivotal"
+ }
+ ]
+ }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Pivotal Concourse versions prior to 5.0.1, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89: SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://pivotal.io/security/cve-2019-3792",
+ "name": "https://pivotal.io/security/cve-2019-3792"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H",
+ "version": "3.0"
+ }
+ }
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3819.json b/2019/3xxx/CVE-2019-3819.json
index c31f6169d96..29a41baea2a 100644
--- a/2019/3xxx/CVE-2019-3819.json
+++ b/2019/3xxx/CVE-2019-3819.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5514.json b/2019/5xxx/CVE-2019-5514.json
index ffc93f78def..4f38ad3be9d 100644
--- a/2019/5xxx/CVE-2019-5514.json
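Review bot: In the reformatted `version_data` entry of CVE-2019-3792.json the comparison operator is stored under `"affected": "<"`, while CVE-2017-8023.json in this same commit uses the key `"version_affected"` for it. A consumer that looks only for `version_affected` would read this entry as "v5.0.1 is affected" rather than "versions before 5.0.1", which inverts the patch guidance; the line should read `"version_affected": "<",`. The CVSS vector also claims `A:H` and `UI:R`, whereas the description only mentions reading privileged data, so the vector is worth confirming with the assigner. The old side of the hunk is a single minified line that already used the `affected` key, so this hunk carries the problem over rather than introducing it.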
+++ b/2019/5xxx/CVE-2019-5514.json 
@@ -1,17 +1,71 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5514",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5514",
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "VMware",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware Fusion",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.x before 11.0.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Unauthenticated APIs Security vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html",
+ "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"
+ },
+ {
+ "refsource": "BID",
+ "name": "107637",
+ "url": "http://www.securityfocus.com/bid/107637"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed.
This may further be exploited to execute commands on the guest machines."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5518.json b/2019/5xxx/CVE-2019-5518.json
index 7a214e1d609..8bc6b29ca1e 100644
--- a/2019/5xxx/CVE-2019-5518.json
+++ b/2019/5xxx/CVE-2019-5518.json
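Review bot: The added `problemtype` value is free text (`"Unauthenticated APIs Security vulnerability"`) with no CWE identifier, so consumers that classify or filter records by weakness class have nothing to key on; the Concourse record in this same commit uses the `CWE-89: SQL Injection` form. If the vendor advisory supports it, something like `"value": "CWE-306: Missing Authentication for Critical Function"` would match what the description says about unauthenticated APIs reachable through a web socket. The CVE-2019-5518 and CVE-2019-5519 hunks have the same free-text problemtype. The new description also opens with a doubled vendor name, `VMware VMware Fusion`.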
@@ -1,17 +1,84 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5518",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5518",
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "VMware",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware ESXi, Workstation, Fusion",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ESXi 6.7 before ESXi670-201903001"
+ },
+ {
+ "version_value": "ESXi 6.5 before ESXi650-201903001"
+ },
+ {
+ "version_value": "ESXi 6.0 before ESXi600-201903001"
+ },
+ {
+ "version_value": "Workstation 15.x before 15.0.4"
+ },
+ {
+ "version_value": "Workstation 14.x before 14.1.7"
+ },
+ {
+ "version_value": "Fusion 11.x before 11.0.3"
+ },
+ {
+ "version_value": "Fusion 10.x before 10.1.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out-of-bounds read/write vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html",
+ "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host."
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5519.json b/2019/5xxx/CVE-2019-5519.json
index 83221c120a7..cef2d86377e 100644
--- a/2019/5xxx/CVE-2019-5519.json
+++ b/2019/5xxx/CVE-2019-5519.json
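Review bot: The `affects` block folds three products into a single `product_name` (`"VMware ESXi, Workstation, Fusion"`) and states every range as prose in `version_value` with no `version_affected` operator, so tooling that compares installed versions against this record cannot evaluate it without parsing English. One product entry per product, with entries such as `{ "version_affected": "<", "version_value": "15.0.4" }` for the 15.x line under `"product_name": "Workstation"`, would keep this guest-to-host issue visible to automated inventory checks. The CVE-2019-5519 hunk carries the identical block, and the CVE-2019-5514 hunk uses the same prose-style `version_value`.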
@@ -1,17 +1,84 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-5519",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-5519",
+ "ASSIGNER": "security@vmware.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "VMware",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "VMware ESXi, Workstation, Fusion",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "ESXi 6.7 before ESXi670-201903001"
+ },
+ {
+ "version_value": "ESXi 6.5 before ESXi650-201903001"
+ },
+ {
+ "version_value": "ESXi 6.0 before ESXi600-201903001"
+ },
+ {
+ "version_value": "Workstation 15.x before 15.0.4"
+ },
+ {
+ "version_value": "Workstation 14.x before 14.1.7"
+ },
+ {
+ "version_value": "Fusion 11.x before 11.0.3"
+ },
+ {
+ "version_value": "Fusion 10.x before 10.1.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Time-of-check Time-of-use (TOCTOU) vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html",
+ "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html",
+ "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host."
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6974.json b/2019/6xxx/CVE-2019-6974.json
index 7750d589fe0..6dec082e3c4 100644
--- a/2019/6xxx/CVE-2019-6974.json
+++ b/2019/6xxx/CVE-2019-6974.json
@@ -101,6 +101,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7221.json b/2019/7xxx/CVE-2019-7221.json
index ddc2760bf8b..b7c9e78a3c9 100644
--- a/2019/7xxx/CVE-2019-7221.json
+++ b/2019/7xxx/CVE-2019-7221.json
@@ -96,6 +96,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7222.json b/2019/7xxx/CVE-2019-7222.json
index 61cde07ad78..3c539aeefd7 100644
--- a/2019/7xxx/CVE-2019-7222.json
+++ b/2019/7xxx/CVE-2019-7222.json
@@ -101,6 +101,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9193.json b/2019/9xxx/CVE-2019-9193.json
index 509681ab1a1..66c3e5f5a09 100644
--- a/2019/9xxx/CVE-2019-9193.json
+++ b/2019/9xxx/CVE-2019-9193.json
@@ -2,7 +2,30 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2019-9193",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
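Review bot: In the CVE-2019-9193 hunk the added `affects` block sets `vendor_name`, `product_name` and `version_value` all to `"n/a"`, although the description added in the following hunk of the same file names PostgreSQL 9.3 through 11.2. Scanners and asset-inventory tools that match on `affects` will therefore not associate this record with any PostgreSQL installation. Filling in the product and the version range the description already states, for example `"product_name": "PostgreSQL"`, would close that gap. The enclosing JSON object starts and ends outside this hunk.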
@@ -11,7 +34,33 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In PostgreSQL 9.3 through 11.2, the \"COPY TO/FROM PROGRAM\" function allows superusers and users in the 'pg_read_server_files' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary operating system commands on Windows, Linux, and macOS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/",
+ "refsource": "MISC",
+ "name": "https://paquier.xyz/postgresql-2/postgres-9-3-feature-highlight-copy-tofrom-program/"
+ },
+ {
+ "url": "https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5",
+ "refsource": "MISC",
+ "name": "https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9213.json b/2019/9xxx/CVE-2019-9213.json
index 0c7b6fefbac..f60ef5fa14c 100644
--- a/2019/9xxx/CVE-2019-9213.json
+++ b/2019/9xxx/CVE-2019-9213.json
@@ -106,6 +106,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1085",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00045.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html"
 }
 ]
 }
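Review bot: In the second CVE-2019-9193 hunk the new description says the behaviour is "enabled by default" while also limiting it to superusers and members of `pg_read_server_files`, and `problemtype` is `"n/a"` with no `impact` block, so the privileged precondition exists only in prose. Anyone triaging from the structured fields cannot tell that this starts from an already highly privileged database account; the practical control is auditing which roles hold superuser or the server-file and server-program memberships. The role name is worth checking against the PostgreSQL documentation, which as far as I recall ties `COPY ... PROGRAM` to `pg_execute_server_program`; if that is confirmed, the description should read `'pg_execute_server_program'` instead of `'pg_read_server_files'`. Both added references are `MISC` third-party posts, and no vendor statement is linked.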