From 36a8390b2eb985ddc904952c64a986b98e5bb312 Mon Sep 17 00:00:00 2001
From: CVE Team <cve-request@mitre.org>
Date: Wed, 18 Dec 2019 21:01:07 +0000
Subject: [PATCH] "-Synchronized-Data."

---
 2019/11xxx/CVE-2019-11996.json | 57 +++-----------------
 2019/15xxx/CVE-2019-15575.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15576.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15577.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15580.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15589.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15591.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15596.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15597.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15598.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15599.json | 62 ++++++++++++++++++++++
 2019/15xxx/CVE-2019-15600.json | 62 ++++++++++++++++++++++
 2019/18xxx/CVE-2019-18571.json | 43 +++++++--------
 2019/18xxx/CVE-2019-18572.json | 43 +++++++--------
 2019/18xxx/CVE-2019-18573.json | 43 +++++++--------
 2019/18xxx/CVE-2019-18994.json | 96 ++++++++++++++++++++++++++++++++++
 2019/18xxx/CVE-2019-18995.json | 95 +++++++++++++++++++++++++++++++++
 2019/18xxx/CVE-2019-18996.json | 95 +++++++++++++++++++++++++++++++++
 2019/18xxx/CVE-2019-18997.json | 95 +++++++++++++++++++++++++++++++++
 2019/19xxx/CVE-2019-19724.json | 56 +++++++++++++++++---
 2019/1xxx/CVE-2019-1387.json   | 88 ++++++++++++++++++++++++++++---
 2019/5xxx/CVE-2019-5073.json   | 71 ++++++++++++++++++++++---
 2019/5xxx/CVE-2019-5075.json   | 71 ++++++++++++++++++++++---
 2019/5xxx/CVE-2019-5078.json   | 71 ++++++++++++++++++++++---
 2019/5xxx/CVE-2019-5079.json   | 71 ++++++++++++++++++++++---
 2019/5xxx/CVE-2019-5080.json   | 71 ++++++++++++++++++++++---
 2019/5xxx/CVE-2019-5469.json   | 63 +++++++++++++++++++---
 2019/5xxx/CVE-2019-5486.json   | 58 +++++++++++++++++---
 2019/5xxx/CVE-2019-5487.json   | 58 +++++++++++++++++---
 29 files changed, 1746 insertions(+), 181 deletions(-)
 create mode 100644 2019/15xxx/CVE-2019-15575.json
 create mode 100644 2019/15xxx/CVE-2019-15576.json
 create mode 100644 2019/15xxx/CVE-2019-15577.json
 create mode 100644 2019/15xxx/CVE-2019-15580.json
 create mode 100644 2019/15xxx/CVE-2019-15589.json
 create mode 100644 2019/15xxx/CVE-2019-15591.json
 create mode 100644 2019/15xxx/CVE-2019-15596.json
 create mode 100644 2019/15xxx/CVE-2019-15597.json
 create mode 100644 2019/15xxx/CVE-2019-15598.json
 create mode 100644 2019/15xxx/CVE-2019-15599.json
 create mode 100644 2019/15xxx/CVE-2019-15600.json
 create mode 100644 2019/18xxx/CVE-2019-18994.json
 create mode 100644 2019/18xxx/CVE-2019-18995.json
 create mode 100644 2019/18xxx/CVE-2019-18996.json
 create mode 100644 2019/18xxx/CVE-2019-18997.json

diff --git a/2019/11xxx/CVE-2019-11996.json b/2019/11xxx/CVE-2019-11996.json
index 757039b95f3..05bb327bb63 100644
--- a/2019/11xxx/CVE-2019-11996.json
+++ b/2019/11xxx/CVE-2019-11996.json
@@ -11,62 +11,21 @@
         "vendor": {
             "vendor_data": [
                 {
-                    "vendor_name": "HPE",
+                    "vendor_name": "n/a",
                     "product": {
                         "product_data": [
                             {
-                                "product_name": "Nimble Storage Hybrid Flash Arrays",
+                                "product_name": "HPE Nimble Storage Hybrid Flash Arrays; Nimble Storage All Flash Arrays; Nimble Storage Secondary Flash Arrays",
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_value": "5.1.2.0 and older"
+                                            "version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
                                         },
                                         {
-                                            "version_value": "5.0.7.0 and older"
+                                            "version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
                                         },
                                         {
-                                            "version_value": "4.5.4.0 and older"
-                                        },
-                                        {
-                                            "version_value": "3.9.1.0 and older"
-                                        }
-                                    ]
-                                }
-                            },
-                            {
-                                "product_name": "Nimble Storage All Flash Arrays",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_value": "5.1.2.0 and older"
-                                        },
-                                        {
-                                            "version_value": "5.0.7.0 and older"
-                                        },
-                                        {
-                                            "version_value": "4.5.4.0 and older"
-                                        },
-                                        {
-                                            "version_value": "3.9.1.0 and older"
-                                        }
-                                    ]
-                                }
-                            },
-                            {
-                                "product_name": "Nimble Storage Secondary Flash Arrays",
-                                "version": {
-                                    "version_data": [
-                                        {
-                                            "version_value": "5.1.2.0 and older"
-                                        },
-                                        {
-                                            "version_value": "5.0.7.0 and older"
-                                        },
-                                        {
-                                            "version_value": "4.5.4.0 and older"
-                                        },
-                                        {
-                                            "version_value": "3.9.1.0 and older"
+                                            "version_value": "5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, 3.9.1.0 and older"
                                         }
                                     ]
                                 }
@@ -83,7 +42,7 @@
                 "description": [
                     {
                         "lang": "eng",
-                        "value": "remote gain elevated privileges and disclose information"
+                        "value": "remote disclosure of information; remote elevation of privilege; remote multiple vulnerabilities"
                     }
                 ]
             }
@@ -92,7 +51,7 @@
     "references": {
         "reference_data": [
             {
-                "refsource": "CONFIRM",
+                "refsource": "MISC",
                 "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us",
                 "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03964en_us"
             }
@@ -102,7 +61,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be remotely exploited by an attacker to gain elevated privileges or disclose information the array. Affected products and versions include: Nimble Storage Hybrid Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage All Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older Nimble Storage Secondary Flash Arrays - 5.1.2.0 and older, 5.0.7.0 and older, 4.5.4.0 and older, and 3.9.1.0 and older"
+                "value": "Potential security vulnerabilities have been identified with HPE Nimble Storage systems in multi array group configurations. The vulnerabilities could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.2.0, 4.5.5.0, 5.0.8.0 and 5.1.3.0."
             }
         ]
     }
diff --git a/2019/15xxx/CVE-2019-15575.json b/2019/15xxx/CVE-2019-15575.json
new file mode 100644
index 00000000000..d121881ceee
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15575.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15575",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab CE/EE",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.2, 12.2.6, and 12.1.12"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Command Injection - Generic (CWE-77)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/682442",
+                "url": "https://hackerone.com/reports/682442"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A command injection exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to inject commands via the API through the blobs scope."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15576.json b/2019/15xxx/CVE-2019-15576.json
new file mode 100644
index 00000000000..129bf965ad5
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15576.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15576",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab CE/EE",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.2, 12.2.6, and 12.1.12"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Information Disclosure (CWE-200)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/633001",
+                "url": "https://hackerone.com/reports/633001"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed an attacker to view private system notes from a GraphQL endpoint."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15577.json b/2019/15xxx/CVE-2019-15577.json
new file mode 100644
index 00000000000..5f68ed40db4
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15577.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15577",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab CE/EE",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.2, 12.2.6, and 12.1.12"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Information Disclosure (CWE-200)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/636560",
+                "url": "https://hackerone.com/reports/636560"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12 that allowed project milestones to be disclosed via groups browsing."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15580.json b/2019/15xxx/CVE-2019-15580.json
new file mode 100644
index 00000000000..5096d74d372
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15580.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15580",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "gitlab.com",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.2, 12.2.6, and 12.1.10"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Information Exposure Through Sent Data (CWE-201)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/667408",
+                "url": "https://hackerone.com/reports/667408"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15589.json b/2019/15xxx/CVE-2019-15589.json
new file mode 100644
index 00000000000..975a2b57a9f
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15589.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15589",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab CE/EE",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.2, 12.2.6, 12.1.12"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Access Control - Generic (CWE-284)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/497047",
+                "url": "https://hackerone.com/reports/497047"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An improper access control vulnerability exists in Gitlab <v12.3.2, <v12.2.6, <v12.1.12 which would allow a blocked user would be able to use GIT clone and pull if he had obtained a CI/CD token before."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15591.json b/2019/15xxx/CVE-2019-15591.json
new file mode 100644
index 00000000000..99b5f074fb0
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15591.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15591",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Access Control - Generic (CWE-284)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/676976",
+                "url": "https://hackerone.com/reports/676976"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "An improper access control vulnerability exists in GitLab <12.3.3 that allows an attacker to obtain container and dependency scanning reports through the merge request widget even though public pipelines were disabled."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15596.json b/2019/15xxx/CVE-2019-15596.json
new file mode 100644
index 00000000000..67769923ccf
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15596.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15596",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "statics-server",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Not fixed"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Path Traversal (CWE-22)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/695416",
+                "url": "https://hackerone.com/reports/695416"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15597.json b/2019/15xxx/CVE-2019-15597.json
new file mode 100644
index 00000000000..a4dc560632a
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15597.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15597",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "node-df",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Not fixed"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Code Injection (CWE-94)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/703412",
+                "url": "https://hackerone.com/reports/703412"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15598.json b/2019/15xxx/CVE-2019-15598.json
new file mode 100644
index 00000000000..b1f0535d51a
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15598.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15598",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "treekill",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Not fixed"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Code Injection (CWE-94)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/703415",
+                "url": "https://hackerone.com/reports/703415"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A Code Injection exists in treekill on Windows which allows a remote code execution when an attacker is able to control the input into the command."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15599.json b/2019/15xxx/CVE-2019-15599.json
new file mode 100644
index 00000000000..2fc6dc711f5
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15599.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15599",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "tree-kill",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Not fixed"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Code Injection (CWE-94)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/701183",
+                "url": "https://hackerone.com/reports/701183"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to control the input into the command."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15600.json b/2019/15xxx/CVE-2019-15600.json
new file mode 100644
index 00000000000..38be6a19c56
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15600.json
@@ -0,0 +1,62 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-15600",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "http_server",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Not fixed"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Path Traversal (CWE-22)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/692262",
+                "url": "https://hackerone.com/reports/692262"
+            }
+        ]
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "A Path traversal exists in http_server which allows an attacker to read arbitrary system files."
+            }
+        ]
+    }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18571.json b/2019/18xxx/CVE-2019-18571.json
index d4c1275bbf4..3761933d9f4 100644
--- a/2019/18xxx/CVE-2019-18571.json
+++ b/2019/18xxx/CVE-2019-18571.json
@@ -1,10 +1,10 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "secure@dell.com", 
-        "DATE_PUBLIC": "2019-11-26", 
-        "ID": "CVE-2019-18571", 
+        "ASSIGNER": "secure@dell.com",
+        "DATE_PUBLIC": "2019-11-26",
+        "ID": "CVE-2019-18571",
         "STATE": "PUBLIC"
-    }, 
+    },
     "affects": {
         "vendor": {
             "vendor_data": [
@@ -12,59 +12,60 @@
                     "product": {
                         "product_data": [
                             {
-                                "product_name": "RSA Identity Governance & Lifecycle", 
+                                "product_name": "RSA Identity Governance & Lifecycle",
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_affected": "<", 
+                                            "version_affected": "<",
                                             "version_value": "7.1.0 P09, 7.1.1 P3"
                                         }
                                     ]
                                 }
                             }
                         ]
-                    }, 
+                    },
                     "vendor_name": "Dell"
                 }
             ]
         }
-    }, 
-    "data_format": "MITRE", 
-    "data_type": "CVE", 
-    "data_version": "4.0", 
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
-                "lang": "eng", 
+                "lang": "eng",
                 "value": "The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module [MAL]. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted URL with scripts. When victim users access the module through their browsers, the malicious code gets injected and executed by the web browser in the context of the vulnerable web application."
             }
         ]
-    }, 
+    },
     "impact": {
         "cvss": {
-            "baseScore": 5.4, 
-            "baseSeverity": "Medium", 
-            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", 
+            "baseScore": 5.4,
+            "baseSeverity": "Medium",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
             "version": "3.0"
         }
-    }, 
+    },
     "problemtype": {
         "problemtype_data": [
             {
                 "description": [
                     {
-                        "lang": "eng", 
+                        "lang": "eng",
                         "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
                     }
                 ]
             }
         ]
-    }, 
+    },
     "references": {
         "reference_data": [
             {
-                "refsource": "CONFIRM", 
-                "url": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi"
+                "refsource": "MISC",
+                "url": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi",
+                "name": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi"
             }
         ]
     }
diff --git a/2019/18xxx/CVE-2019-18572.json b/2019/18xxx/CVE-2019-18572.json
index b52ddf26ab9..1f656ce0ec2 100644
--- a/2019/18xxx/CVE-2019-18572.json
+++ b/2019/18xxx/CVE-2019-18572.json
@@ -1,10 +1,10 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "secure@dell.com", 
-        "DATE_PUBLIC": "2019-11-26", 
-        "ID": "CVE-2019-18572", 
+        "ASSIGNER": "secure@dell.com",
+        "DATE_PUBLIC": "2019-11-26",
+        "ID": "CVE-2019-18572",
         "STATE": "PUBLIC"
-    }, 
+    },
     "affects": {
         "vendor": {
             "vendor_data": [
@@ -12,59 +12,60 @@
                     "product": {
                         "product_data": [
                             {
-                                "product_name": "RSA Identity Governance & Lifecycle", 
+                                "product_name": "RSA Identity Governance & Lifecycle",
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_affected": "<", 
+                                            "version_affected": "<",
                                             "version_value": "7.1.0 P09, 7.1.1 P03"
                                         }
                                     ]
                                 }
                             }
                         ]
-                    }, 
+                    },
                     "vendor_name": "Dell"
                 }
             ]
         }
-    }, 
-    "data_format": "MITRE", 
-    "data_type": "CVE", 
-    "data_version": "4.0", 
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
-                "lang": "eng", 
+                "lang": "eng",
                 "value": "The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain an Improper Authentication vulnerability. A Java JMX agent running on the remote host is configured with plain text password authentication. An unauthenticated remote attacker can connect to the JMX agent and monitor and manage the Java application."
             }
         ]
-    }, 
+    },
     "impact": {
         "cvss": {
-            "baseScore": 8.3, 
-            "baseSeverity": "High", 
-            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", 
+            "baseScore": 8.3,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
             "version": "3.0"
         }
-    }, 
+    },
     "problemtype": {
         "problemtype_data": [
             {
                 "description": [
                     {
-                        "lang": "eng", 
+                        "lang": "eng",
                         "value": "CWE-306: Missing Authentication for Critical Function"
                     }
                 ]
             }
         ]
-    }, 
+    },
     "references": {
         "reference_data": [
             {
-                "refsource": "CONFIRM", 
-                "url": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi"
+                "refsource": "MISC",
+                "url": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi",
+                "name": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi"
             }
         ]
     }
diff --git a/2019/18xxx/CVE-2019-18573.json b/2019/18xxx/CVE-2019-18573.json
index 41a61a6e886..575ba0f17dc 100644
--- a/2019/18xxx/CVE-2019-18573.json
+++ b/2019/18xxx/CVE-2019-18573.json
@@ -1,10 +1,10 @@
 {
     "CVE_data_meta": {
-        "ASSIGNER": "secure@dell.com", 
-        "DATE_PUBLIC": "2019-11-26", 
-        "ID": "CVE-2019-18573", 
+        "ASSIGNER": "secure@dell.com",
+        "DATE_PUBLIC": "2019-11-26",
+        "ID": "CVE-2019-18573",
         "STATE": "PUBLIC"
-    }, 
+    },
     "affects": {
         "vendor": {
             "vendor_data": [
@@ -12,59 +12,60 @@
                     "product": {
                         "product_data": [
                             {
-                                "product_name": "RSA Identity Governance & Lifecycle", 
+                                "product_name": "RSA Identity Governance & Lifecycle",
                                 "version": {
                                     "version_data": [
                                         {
-                                            "version_affected": "<", 
+                                            "version_affected": "<",
                                             "version_value": "7.1.0 P09, 7.1.1 P03"
                                         }
                                     ]
                                 }
                             }
                         ]
-                    }, 
+                    },
                     "vendor_name": "Dell"
                 }
             ]
         }
-    }, 
-    "data_format": "MITRE", 
-    "data_type": "CVE", 
-    "data_version": "4.0", 
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
-                "lang": "eng", 
+                "lang": "eng",
                 "value": "The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a Session Fixation vulnerability. An authenticated malicious local user could potentially exploit this vulnerability as the session token is exposed as part of the URL. A remote attacker can gain access to victim\u2019s session and perform arbitrary actions with privileges of the user within the compromised session."
             }
         ]
-    }, 
+    },
     "impact": {
         "cvss": {
-            "baseScore": 8.7, 
-            "baseSeverity": "High", 
-            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", 
+            "baseScore": 8.7,
+            "baseSeverity": "High",
+            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
             "version": "3.0"
         }
-    }, 
+    },
     "problemtype": {
         "problemtype_data": [
             {
                 "description": [
                     {
-                        "lang": "eng", 
+                        "lang": "eng",
                         "value": "CWE-598: Information Exposure Through Query Strings in GET Request"
                     }
                 ]
             }
         ]
-    }, 
+    },
     "references": {
         "reference_data": [
             {
-                "refsource": "CONFIRM", 
-                "url": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi"
+                "refsource": "MISC",
+                "url": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi",
+                "name": "https://www.dell.com/support/security/en-us/details/DOC-109310/DSA-2019-164-RSA-Identity-Governance-and-Lifecycle-Product-Security-Update-for-Multiple-Vulnerabi"
             }
         ]
     }
diff --git a/2019/18xxx/CVE-2019-18994.json b/2019/18xxx/CVE-2019-18994.json
new file mode 100644
index 00000000000..2fc685584e1
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18994.json
@@ -0,0 +1,96 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cybersecurity@ch.abb.com",
+        "ID": "CVE-2019-18994",
+        "STATE": "PUBLIC",
+        "TITLE": "ABB PB610 HMIStudio crashes after launching an empty *.JPR application file"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "ABB PB610 Panel Builder 600",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_value": "2.8.0.424"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ABB"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "NSFOCUS for providing vulnerability details and proof of concept."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Due to a lack of file length check, the HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier crashes when trying to load an empty *.JPR application file. An attacker with access to the file system might be able to cause application malfunction such as denial of service."
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "LOW",
+            "baseScore": 3.9,
+            "baseSeverity": "LOW",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "UNCHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20 Improper Input Validation"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch",
+                "name": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "3ADR010466",
+        "defect": [
+            "ABBVU-RAMF-1908001"
+        ],
+        "discovery": "UNKNOWN"
+    }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18995.json b/2019/18xxx/CVE-2019-18995.json
new file mode 100644
index 00000000000..7da579b259b
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18995.json
@@ -0,0 +1,95 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cybersecurity@ch.abb.com",
+        "ID": "CVE-2019-18995",
+        "STATE": "PUBLIC",
+        "TITLE": "ABB PB610 HMISimulator does not check content-length of the HTTP request"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "PB610 Panel Builder 600",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_value": "2.8.0.424"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ABB"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "NSFOCUS for providing vulnerability details and proof of concept."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "The HMISimulator component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier fails to validate the content-length field for HTTP requests, exposing HMISimulator to denial of service via crafted HTTP requests manipulating the content-length setting."
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "ADJACENT_NETWORK",
+            "availabilityImpact": "LOW",
+            "baseScore": 4.3,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-20 Improper Input Validation"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch",
+                "name": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"
+            }
+        ]
+    },
+    "source": {
+        "defect": [
+            "ABBVU-RAMF-1908002"
+        ],
+        "discovery": "UNKNOWN"
+    }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18996.json b/2019/18xxx/CVE-2019-18996.json
new file mode 100644
index 00000000000..72f6d24184c
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18996.json
@@ -0,0 +1,95 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cybersecurity@ch.abb.com",
+        "ID": "CVE-2019-18996",
+        "STATE": "PUBLIC",
+        "TITLE": "ABB PB610 HMIStudio accepts malicious DLL file in an application"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "PB610 Panel Builder 600",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_value": "2.8.0.424"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ABB"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "NSFOCUS for providing vulnerability details and proof of concept."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "Path settings in HMIStudio component of ABB PB610 Panel Builder 600 versions 2.8.0.424 and earlier accept DLLs outside of the program directory, potentially allowing an attacker with access to the local file system the execution of code in the application\u2019s context."
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "LOCAL",
+            "availabilityImpact": "LOW",
+            "baseScore": 7.1,
+            "baseSeverity": "HIGH",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "NONE",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-424 Improper Protection of Alternate Path"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch",
+                "name": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"
+            }
+        ]
+    },
+    "source": {
+        "defect": [
+            "ABBVU-RAMF-1908003"
+        ],
+        "discovery": "UNKNOWN"
+    }
+}
\ No newline at end of file
diff --git a/2019/18xxx/CVE-2019-18997.json b/2019/18xxx/CVE-2019-18997.json
new file mode 100644
index 00000000000..fc51849fa2f
--- /dev/null
+++ b/2019/18xxx/CVE-2019-18997.json
@@ -0,0 +1,95 @@
+{
+    "CVE_data_meta": {
+        "ASSIGNER": "cybersecurity@ch.abb.com",
+        "ID": "CVE-2019-18997",
+        "STATE": "PUBLIC",
+        "TITLE": "PB610 HMISimulator provides interface with access to arbitrary files"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "PB610 Panel Builder 600",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<=",
+                                            "version_value": "2.8.0.424"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ABB"
+                }
+            ]
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "NSFOCUS for providing vulnerability details and proof of concept."
+        }
+    ],
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "The HMISimulator component of ABB PB610 Panel Builder 600 uses the readFile/writeFile interface to manipulate the work file. Path configuration in PB610 HMISimulator versions 2.8.0.424 and earlier potentially allows access to files outside of the working directory, thus potentially supporting unauthorized file access."
+            }
+        ]
+    },
+    "generator": {
+        "engine": "Vulnogram 0.0.9"
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "ADJACENT_NETWORK",
+            "availabilityImpact": "LOW",
+            "baseScore": 4.3,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "NONE",
+            "scope": "UNCHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-424 Improper Protection of Alternate Path"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "url": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch",
+                "name": "http://search.abb.com/library/Download.aspx?DocumentID=3ADR010466&LanguageCode=en&DocumentPartId=&Action=Launch"
+            }
+        ]
+    },
+    "source": {
+        "defect": [
+            "ABBVU-RAMF-1908004"
+        ],
+        "discovery": "UNKNOWN"
+    }
+}
\ No newline at end of file
diff --git a/2019/19xxx/CVE-2019-19724.json b/2019/19xxx/CVE-2019-19724.json
index f2b5152364e..bd34cf4c3bf 100644
--- a/2019/19xxx/CVE-2019-19724.json
+++ b/2019/19xxx/CVE-2019-19724.json
@@ -1,17 +1,61 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
-        "ID": "CVE-2019-19724",
         "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ID": "CVE-2019-19724",
+        "STATE": "PUBLIC"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "n/a",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "n/a"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "n/a"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/sylabs/singularity/releases/tag/v3.5.2",
+                "url": "https://github.com/sylabs/singularity/releases/tag/v3.5.2"
             }
         ]
     }
diff --git a/2019/1xxx/CVE-2019-1387.json b/2019/1xxx/CVE-2019-1387.json
index 06cc5b25344..16825c17afc 100644
--- a/2019/1xxx/CVE-2019-1387.json
+++ b/2019/1xxx/CVE-2019-1387.json
@@ -1,17 +1,91 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-1387",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-1387",
+        "ASSIGNER": "secure@microsoft.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Microsoft Corporation",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Git",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Before v2.24.1"
+                                        },
+                                        {
+                                            "version_value": "Before v2.23.1"
+                                        },
+                                        {
+                                            "version_value": "Before v2.22.2"
+                                        },
+                                        {
+                                            "version_value": "Before v2.21.1"
+                                        },
+                                        {
+                                            "version_value": "Before v2.20.2"
+                                        },
+                                        {
+                                            "version_value": "Before v2.19.3"
+                                        },
+                                        {
+                                            "version_value": "Before v2.18.2"
+                                        },
+                                        {
+                                            "version_value": "Before v2.17.3"
+                                        },
+                                        {
+                                            "version_value": "Before v2.16.6"
+                                        },
+                                        {
+                                            "version_value": "Before v2.15.4"
+                                        },
+                                        {
+                                            "version_value": "Before v2.14.6"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Remote Code Execution"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u",
+                "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code execution in recursive clones."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5073.json b/2019/5xxx/CVE-2019-5073.json
index 04088d5a723..19f60f9b5d9 100644
--- a/2019/5xxx/CVE-2019-5073.json
+++ b/2019/5xxx/CVE-2019-5073.json
@@ -1,17 +1,74 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5073",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5073",
+        "ASSIGNER": "talos-cna@cisco.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "WAGO PFC200",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.01.07(13)"
+                                        },
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            },
+                            {
+                                "product_name": "WAGO PFC100",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "information exposure"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862",
+                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0862"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exploitable information exposure vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause an external tool to fail, resulting in uninitialized stack data to be copied to the response packet buffer. An attacker can send unauthenticated packets to trigger this vulnerability."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5075.json b/2019/5xxx/CVE-2019-5075.json
index e9a3b1ad7ae..7bd20f1c026 100644
--- a/2019/5xxx/CVE-2019-5075.json
+++ b/2019/5xxx/CVE-2019-5075.json
@@ -1,17 +1,74 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5075",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5075",
+        "ASSIGNER": "talos-cna@cisco.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "WAGO PFC200",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.01.07(13)"
+                                        },
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            },
+                            {
+                                "product_name": "WAGO PFC100",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "stack buffer overflow"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0864",
+                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0864"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exploitable stack buffer overflow vulnerability exists in the command line utility getcouplerdetails of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets sent to the iocheckd service \"I/O-Check\" can cause a stack buffer overflow in the sub-process getcouplerdetails, resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5078.json b/2019/5xxx/CVE-2019-5078.json
index 7f3307d96a7..af807a97fe2 100644
--- a/2019/5xxx/CVE-2019-5078.json
+++ b/2019/5xxx/CVE-2019-5078.json
@@ -1,17 +1,74 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5078",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5078",
+        "ASSIGNER": "talos-cna@cisco.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "WAGO PFC200",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.01.07(13)"
+                                        },
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            },
+                            {
+                                "product_name": "WAGO PFC100",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "denial of service"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0870",
+                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0870"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exploitable denial of service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a denial of service, resulting in the device entering an error state where it ceases all network communications. An attacker can send unauthenticated packets to trigger this vulnerability."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5079.json b/2019/5xxx/CVE-2019-5079.json
index 913f538fa52..65aa0c793c4 100644
--- a/2019/5xxx/CVE-2019-5079.json
+++ b/2019/5xxx/CVE-2019-5079.json
@@ -1,17 +1,74 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5079",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5079",
+        "ASSIGNER": "talos-cna@cisco.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "WAGO PFC200",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.01.07(13)"
+                                        },
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            },
+                            {
+                                "product_name": "WAGO PFC100",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "remote code execution"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0871",
+                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0871"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exploitable heap buffer overflow vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5080.json b/2019/5xxx/CVE-2019-5080.json
index 2151ef7094b..e8ca0990b0d 100644
--- a/2019/5xxx/CVE-2019-5080.json
+++ b/2019/5xxx/CVE-2019-5080.json
@@ -1,17 +1,74 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5080",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5080",
+        "ASSIGNER": "talos-cna@cisco.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "WAGO PFC200",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.01.07(13)"
+                                        },
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            },
+                            {
+                                "product_name": "WAGO PFC100",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Firmware version 03.00.39(12)"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "denial of service"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0872",
+                "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0872"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An exploitable denial-of-service vulnerability exists in the iocheckd service \"I/O-Check\" functionality of WAGO PFC 200 Firmware versions 03.01.07(13) and 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A single packet can cause a denial of service and weaken credentials resulting in the default documented credentials being applied to the device. An attacker can send an unauthenticated packet to trigger this vulnerability."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5469.json b/2019/5xxx/CVE-2019-5469.json
index 247d58813e9..5921fa1cde1 100644
--- a/2019/5xxx/CVE-2019-5469.json
+++ b/2019/5xxx/CVE-2019-5469.json
@@ -1,17 +1,66 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5469",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5469",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Fixed versions 12.1.2, 12.0.4, and 11.11.6"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Insecure Direct Object Reference (IDOR) (CWE-639)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/534794",
+                "url": "https://hackerone.com/reports/534794"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60551",
+                "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/60551"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, and <v11.11.6 that allowed uploading files from project archive to replace other users files potentially allowing an attacker to replace project binaries or other uploaded assets."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5486.json b/2019/5xxx/CVE-2019-5486.json
index 7c6169b0d7d..4b4a7139614 100644
--- a/2019/5xxx/CVE-2019-5486.json
+++ b/2019/5xxx/CVE-2019-5486.json
@@ -1,17 +1,61 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5486",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5486",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab CE/EE",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.2, 12.2.6, and 12.1.10"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Authentication Bypass Using an Alternate Path or Channel (CWE-288)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/617896",
+                "url": "https://hackerone.com/reports/617896"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A authentication bypass vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.10 in the Salesforce login integration that could be used by an attacker to create an account that bypassed domain restrictions and email verification requirements."
             }
         ]
     }
diff --git a/2019/5xxx/CVE-2019-5487.json b/2019/5xxx/CVE-2019-5487.json
index f8d6022f62d..0784f47b24e 100644
--- a/2019/5xxx/CVE-2019-5487.json
+++ b/2019/5xxx/CVE-2019-5487.json
@@ -1,17 +1,61 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-5487",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
     "data_type": "CVE",
+    "data_format": "MITRE",
     "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-5487",
+        "ASSIGNER": "support@hackerone.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "GitLab EE",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "12.3.3, 12.2.7, 12.1.13"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Access Control - Generic (CWE-284)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://hackerone.com/reports/692252",
+                "url": "https://hackerone.com/reports/692252"
+            }
+        ]
+    },
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "An improper access control vulnerability exists in Gitlab EE <v12.3.3, <v12.2.7, & <v12.1.13 that allowed the group search feature with Elasticsearch to return private code, merge requests and commits."
             }
         ]
     }