diff --git a/2010/2xxx/CVE-2010-2488.json b/2010/2xxx/CVE-2010-2488.json index f7c73c7b119..541ce93d255 100644 --- a/2010/2xxx/CVE-2010-2488.json +++ b/2010/2xxx/CVE-2010-2488.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2488", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "znc", + "product": { + "product_data": [ + { + "product_name": "znc", + "version": { + "version_data": [ + { + "version_value": "before 0.092" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "null pointer deref" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-2488", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-2488" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-2488", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-2488" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584929" + }, + { + "refsource": "CONFIRM", + "name": "https://wiki.znc.in/ChangeLog/0.092", + "url": "https://wiki.znc.in/ChangeLog/0.092" } ] } 
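Review bot: The affected range in the first CVE-2010-2488 hunk is carried as prose inside `version_value` (`"before 0.092"`), so tooling that compares installed versions against this record cannot tell that 0.092 is the first fixed release. The record format has a separate comparison field for this; consider `"version_affected": "<", "version_value": "0.092"`. The same free-text pattern appears in the CVE-2010-3438 (`"before v6.32"`) and CVE-2011-2335 (`"before Blink M12"`) affects hunks.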
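Review bot: The `problemtype` added in the second CVE-2010-2488 hunk is an uncontrolled phrase (`"null pointer deref"`), which makes the record hard to group or filter by weakness class. A CWE identifier would be more useful to consumers, e.g. `"value": "CWE-476: NULL Pointer Dereference"`. The other newly published records in this commit do the same (`"double free"` in CVE-2011-2335 would map to CWE-415; the CVE-2010-3438 and CVE-2010-3439 strings need a judgement call on the right CWE).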
diff --git a/2010/3xxx/CVE-2010-3438.json b/2010/3xxx/CVE-2010-3438.json index 37d57ae58d9..627bbdb9f35 100644 --- a/2010/3xxx/CVE-2010-3438.json +++ b/2010/3xxx/CVE-2010-3438.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-3438", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libpoe-component-irc-perl", + "product": { + "product_data": [ + { + "product_name": "libpoe-component-irc-perl", + "version": { + "version_data": [ + { + "version_value": "before v6.32" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
@@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as \"some text\\rQUIT\" to the 'privmsg' handler, which would cause the client to disconnect from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "stripping of CR/LF allows arbitrary IRC command execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-3438", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-3438" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3438" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=581194" } ] } diff --git a/2010/3xxx/CVE-2010-3439.json b/2010/3xxx/CVE-2010-3439.json index 60c6f35284d..89513142d82 100644 --- a/2010/3xxx/CVE-2010-3439.json +++ b/2010/3xxx/CVE-2010-3439.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-3439", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "alien-arena", + "product": { + "product_data": [ + { + "product_name": "alien-arena", + "version": { + "version_data": [ + { + "version_value": "7.33" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", 
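Review bot: The `problemtype` value in the CVE-2010-3438 hunk, `"stripping of CR/LF allows arbitrary IRC command execution"`, reads as the opposite of the description added just above it, which says the library does not remove carriage returns and line feeds. Anyone triaging from the problem type alone would conclude that the stripping is the flaw rather than its absence. Suggest `"value": "missing stripping of CR/LF allows arbitrary IRC command injection"`, or the matching CWE (CWE-93, CRLF injection) if identifiers are adopted.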
@@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service - Malformed Input" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2010-3439", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2010-3439" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3439", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3439" + }, + { + "url": "https://access.redhat.com/security/cve/cve-2010-3439", + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/cve-2010-3439" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575621", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575621" } ] } diff --git a/2011/2xxx/CVE-2011-2335.json b/2011/2xxx/CVE-2011-2335.json index 8e386914301..4701722daf3 100644 --- a/2011/2xxx/CVE-2011-2335.json +++ b/2011/2xxx/CVE-2011-2335.json 
@@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@google.com", "ID": "CVE-2011-2335", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "before Blink M12" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "double free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=81351", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=81351" + }, + { + "refsource": "MISC", + "name": "https://trac.webkit.org/changeset/80155/webkit", + "url": "https://trac.webkit.org/changeset/80155/webkit" } ] } diff --git a/2012/0xxx/CVE-2012-0881.json b/2012/0xxx/CVE-2012-0881.json index fd14461e4c0..32f0afadc04 100644 --- a/2012/0xxx/CVE-2012-0881.json +++ b/2012/0xxx/CVE-2012-0881.json 
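Review bot: `"version_value": "before Blink M12"` in the first CVE-2011-2335 hunk does not name a Chrome release that a scanner or asset inventory can match, and the description in the second hunk repeats the phrase. Blink was only forked from WebKit in 2013, so "Blink M12" presumably means Chrome milestone 12; if so, state the Chrome version directly, e.g. `"version_value": "before 12"` (confirm the exact fixed build against the linked Chromium issue). The description also calls `WebCore::CSSSelector` a function, although it looks like a class name; worth checking against the referenced WebKit changeset.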
@@ -72,6 +72,11 @@ "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787104" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "MLIST", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", @@ -81,6 +86,11 @@ "refsource": "MLIST", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" } ] } diff --git a/2013/4xxx/CVE-2013-4002.json b/2013/4xxx/CVE-2013-4002.json index d4391e9d1b7..06ef486d405 100644 --- a/2013/4xxx/CVE-2013-4002.json +++ b/2013/4xxx/CVE-2013-4002.json @@ -281,6 +281,11 @@ "name": "ibm-java-cve20134002-dos(85260)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85260" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0114.json b/2014/0xxx/CVE-2014-0114.json index f41511b5882..f0330c24a98 100644 --- a/2014/0xxx/CVE-2014-0114.json +++ b/2014/0xxx/CVE-2014-0114.json 
@@ -382,6 +382,11 @@ "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58851" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "MLIST", "name": "[infra-devnull] 20190329 [GitHub] [pulsar] massakam opened pull request #3938: Upgrade third party libraries with security vulnerabilities", @@ -611,6 +616,11 @@ "refsource": "MLIST", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" } ] } diff --git a/2016/1000xxx/CVE-2016-1000031.json b/2016/1000xxx/CVE-2016-1000031.json index 6c6730c8fd3..f0732178307 100644 --- a/2016/1000xxx/CVE-2016-1000031.json +++ b/2016/1000xxx/CVE-2016-1000031.json @@ -107,6 +107,11 @@ "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/d66657323fd25e437face5e84899c8ca404ccd187e81c3f2fa8b6080@%3Cannounce.apache.org%3E" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", 
diff --git a/2016/1000xxx/CVE-2016-1000338.json b/2016/1000xxx/CVE-2016-1000338.json index 476dc03684f..f9999e83c99 100644 --- a/2016/1000xxx/CVE-2016-1000338.json +++ b/2016/1000xxx/CVE-2016-1000338.json @@ -76,6 +76,11 @@ "name": "RHSA-2018:2927", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2927" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" } ] } diff --git a/2016/1000xxx/CVE-2016-1000343.json b/2016/1000xxx/CVE-2016-1000343.json index d5fde8dc2a7..73ea8aba8bd 100644 --- a/2016/1000xxx/CVE-2016-1000343.json +++ b/2016/1000xxx/CVE-2016-1000343.json @@ -81,6 +81,11 @@ "name": "RHSA-2018:2927", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2927" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" } ] } diff --git a/2016/4xxx/CVE-2016-4434.json b/2016/4xxx/CVE-2016-4434.json index 1dd475e2a98..15a136e2950 100644 --- a/2016/4xxx/CVE-2016-4434.json +++ b/2016/4xxx/CVE-2016-4434.json @@ -76,6 +76,11 @@ "name": "RHSA-2017:0249", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0249.html" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" } ] } 
diff --git a/2017/1000xxx/CVE-2017-1000190.json b/2017/1000xxx/CVE-2017-1000190.json index 701fd13c71c..de83d4a1ac0 100644 --- a/2017/1000xxx/CVE-2017-1000190.json +++ b/2017/1000xxx/CVE-2017-1000190.json @@ -59,6 +59,11 @@ "refsource": "CONFIRM", "url": "https://github.com/ngallagher/simplexml/issues/18" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "MLIST", "name": "[lucene-dev] 20190723 [jira] [Updated] (SOLR-13648) vulnerable simple-xml-2.7.1.jar", diff --git a/2017/12xxx/CVE-2017-12626.json b/2017/12xxx/CVE-2017-12626.json index c2f7dafe421..9c7752f4a58 100644 --- a/2017/12xxx/CVE-2017-12626.json +++ b/2017/12xxx/CVE-2017-12626.json @@ -68,6 +68,11 @@ "refsource": "BID", "url": "http://www.securityfocus.com/bid/102879" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", diff --git a/2017/7xxx/CVE-2017-7525.json b/2017/7xxx/CVE-2017-7525.json index 988d3a6cc8a..0b2eb4a541e 100644 --- a/2017/7xxx/CVE-2017-7525.json +++ b/2017/7xxx/CVE-2017-7525.json 
@@ -249,6 +249,11 @@ "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2633" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "MLIST", "name": "[lucene-dev] 20190325 [jira] [Closed] (SOLR-13110) CVE-2017-7525 Threat Level 9 Against Solr v7.6. org.codehaus.jackson : jackson-mapper-asl : 1.9.13. .A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, ...", diff --git a/2017/7xxx/CVE-2017-7656.json b/2017/7xxx/CVE-2017-7656.json index b4805ef5a4e..80105ff735d 100644 --- a/2017/7xxx/CVE-2017-7656.json +++ b/2017/7xxx/CVE-2017-7656.json @@ -89,6 +89,11 @@ "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "MLIST", "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", diff --git a/2017/7xxx/CVE-2017-7657.json b/2017/7xxx/CVE-2017-7657.json index 46d82892762..d0f50477e7c 100644 --- a/2017/7xxx/CVE-2017-7657.json +++ b/2017/7xxx/CVE-2017-7657.json 
@@ -89,6 +89,11 @@ "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "REDHAT", "name": "RHSA-2019:0910", diff --git a/2017/7xxx/CVE-2017-7658.json b/2017/7xxx/CVE-2017-7658.json index 949f0d7bcb3..e91575ea850 100644 --- a/2017/7xxx/CVE-2017-7658.json +++ b/2017/7xxx/CVE-2017-7658.json @@ -99,6 +99,11 @@ "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "MLIST", "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", diff --git a/2018/1000xxx/CVE-2018-1000180.json b/2018/1000xxx/CVE-2018-1000180.json index dc8b21167b4..6d9342e5838 100644 --- a/2018/1000xxx/CVE-2018-1000180.json +++ b/2018/1000xxx/CVE-2018-1000180.json 
@@ -120,6 +120,11 @@ "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4233" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", diff --git a/2018/1000xxx/CVE-2018-1000632.json b/2018/1000xxx/CVE-2018-1000632.json index 6bdb85c4558..62263ba0f08 100644 --- a/2018/1000xxx/CVE-2018-1000632.json +++ b/2018/1000xxx/CVE-2018-1000632.json @@ -100,6 +100,11 @@ "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0380" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "refsource": "REDHAT", "name": "RHSA-2019:1160", diff --git a/2018/11xxx/CVE-2018-11761.json b/2018/11xxx/CVE-2018-11761.json index 752e0075b3a..8657add2940 100644 --- a/2018/11xxx/CVE-2018-11761.json +++ b/2018/11xxx/CVE-2018-11761.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E" }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" + }, { "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", 
diff --git a/2018/1xxx/CVE-2018-1308.json b/2018/1xxx/CVE-2018-1308.json index 441bf4655ad..2ff5f83eb27 100644 --- a/2018/1xxx/CVE-2018-1308.json +++ b/2018/1xxx/CVE-2018-1308.json @@ -75,6 +75,11 @@ "name": "https://issues.apache.org/jira/browse/SOLR-11971", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/SOLR-11971" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8009.json b/2018/8xxx/CVE-2018-8009.json index cfbc362668f..a8db1cb4eda 100644 --- a/2018/8xxx/CVE-2018-8009.json +++ b/2018/8xxx/CVE-2018-8009.json @@ -71,6 +71,11 @@ "name": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop", "refsource": "MISC", "url": "https://hadoop.apache.org/cve_list.html#cve-2018-8009-http-cve-mitre-org-cgi-bin-cvename-cgi-name-cve-2018-8009-zip-slip-impact-on-apache-hadoop" + }, + { + "refsource": "MLIST", + "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", + "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" } ] } diff --git a/2019/15xxx/CVE-2019-15163.json b/2019/15xxx/CVE-2019-15163.json index 0c88b832325..d828980249b 100644 --- a/2019/15xxx/CVE-2019-15163.json +++ b/2019/15xxx/CVE-2019-15163.json 
@@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b92ce3144a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS", + "url": "https://support.f5.com/csp/article/K92862401?utm_source=f5support&utm_medium=RSS" } ] } diff --git a/2019/17xxx/CVE-2019-17330.json b/2019/17xxx/CVE-2019-17330.json index 85fe0798dff..19327f6e734 100644 --- a/2019/17xxx/CVE-2019-17330.json +++ b/2019/17xxx/CVE-2019-17330.json @@ -53,7 +53,7 @@ "description_data": [ { "lang": "eng", - "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6.\n" + "value": "The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions up to and including 5.8.1.fixR, versions 5.9.3, 5.9.4, 5.9.5, and 5.9.6." } ] }, 
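Review bot: The F5 reference added in the CVE-2019-15163 hunk stores the URL with feed-tracking parameters (`?utm_source=f5support&utm_medium=RSS`) in both `url` and `name`. These are not part of the advisory's identity, and they make the reference fail to de-duplicate against the same advisory cited elsewhere without them. Prefer the canonical form, `"url": "https://support.f5.com/csp/article/K92862401"`, with `name` matching it.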
@@ -88,12 +88,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330" + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories", + "name": "http://www.tibco.com/services/support/advisories" }, { - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" + "refsource": "MISC", + "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330", + "name": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-2019-17330" } ] }, @@ -106,4 +108,4 @@ "source": { "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17331.json b/2019/17xxx/CVE-2019-17331.json index c466bd0b4ba..e28fa0b80ab 100644 --- a/2019/17xxx/CVE-2019-17331.json +++ b/2019/17xxx/CVE-2019-17331.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0.\n" + "value": "The Data Exchange Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, version 4.1.0." } ] }, 
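Review bot: Both references in the CVE-2019-17330 `@@ -88,12 +88,14 @@` hunk are downgraded from `CONFIRM` to `MISC`, although the second URL is the vendor's own advisory for this specific CVE. Consumers that use `CONFIRM` to identify vendor-acknowledged issues lose that signal. Consider keeping `"refsource": "CONFIRM"` on the `tibco-security-advisory-november-12-2019-...` entry and leaving only the generic advisories index as `MISC`. The index URL is also still plain `http://`. The same change is made in the CVE-2019-17331 and CVE-2019-17332 reference hunks.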
@@ -76,12 +76,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17331" + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories", + "name": "http://www.tibco.com/services/support/advisories" }, { - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" + "refsource": "MISC", + "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17331", + "name": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17331" } ] }, @@ -94,4 +96,4 @@ "source": { "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17332.json b/2019/17xxx/CVE-2019-17332.json index a8c1de83117..639b285978f 100644 --- a/2019/17xxx/CVE-2019-17332.json +++ b/2019/17xxx/CVE-2019-17332.json @@ -53,7 +53,7 @@ "description_data": [ { "lang": "eng", - "value": "The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2.\n" + "value": "The Digital Asset Manager Web Interface component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that theoretically allows authenticated users to perform stored cross-site scripting (XSS) attacks. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions up to and including 3.20.13, versions 4.1.0, 4.2.0, 4.2.1, and 4.2.2." } ] }, 
@@ -88,12 +88,14 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17332" + "refsource": "MISC", + "url": "http://www.tibco.com/services/support/advisories", + "name": "http://www.tibco.com/services/support/advisories" }, { - "refsource": "CONFIRM", - "url": "http://www.tibco.com/services/support/advisories" + "refsource": "MISC", + "url": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17332", + "name": "https://www.tibco.com/support/advisories/2019/11/tibco-security-advisory-november-12-2019-tibco-ebx-add-on-2019-17332" } ] },