diff --git a/2013/4xxx/CVE-2013-4343.json b/2013/4xxx/CVE-2013-4343.json index 999651d6d22..ac63edb01d3 100644 --- a/2013/4xxx/CVE-2013-4343.json +++ b/2013/4xxx/CVE-2013-4343.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1570", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2016/2xxx/CVE-2016-2510.json b/2016/2xxx/CVE-2016-2510.json index b8462d29a06..bd35260fd46 100644 --- a/2016/2xxx/CVE-2016-2510.json +++ b/2016/2xxx/CVE-2016-2510.json @@ -136,6 +136,11 @@ "name": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf", "refsource": "MISC", "url": "https://www.rsaconference.com/writable/presentations/file_upload/asd-f03-serial-killer-silently-pwning-your-java-endpoints.pdf" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1545", + "url": "https://access.redhat.com/errata/RHSA-2019:1545" } ] } diff --git a/2017/15xxx/CVE-2017-15691.json b/2017/15xxx/CVE-2017-15691.json index a7513fdfc82..c4932b73bb9 100644 --- a/2017/15xxx/CVE-2017-15691.json +++ b/2017/15xxx/CVE-2017-15691.json @@ -74,6 +74,11 @@ "refsource": "MLIST", "name": "[uima-commits] 20190501 svn commit: r1858489 - in /uima/site/trunk/uima-website: docs/security_report.html xdocs/security_report.xml", "url": "https://lists.apache.org/thread.html/00407c65738e625a8cc9d732923a4ab2d8299603cc7c7e5cc2da9c79@%3Ccommits.uima.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1545", + "url": "https://access.redhat.com/errata/RHSA-2019:1545" } ] } diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index 52a8b7be45d..3758810b619 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json @@ -201,6 +201,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1545", + "url": "https://access.redhat.com/errata/RHSA-2019:1545" } ] } diff --git a/2018/11xxx/CVE-2018-11798.json b/2018/11xxx/CVE-2018-11798.json index 36aa0dff130..bae1665a07e 100644 --- a/2018/11xxx/CVE-2018-11798.json +++ b/2018/11xxx/CVE-2018-11798.json @@ -61,6 +61,11 @@ "name": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/6e9edd282684896cedf615fb67a02bebfe6007f2d5baf03ba52e34fd@%3Cuser.thrift.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1545", + "url": "https://access.redhat.com/errata/RHSA-2019:1545" } ] } diff --git a/2018/3xxx/CVE-2018-3258.json b/2018/3xxx/CVE-2018-3258.json index d5f39e0b095..eeb969b90a9 100644 --- a/2018/3xxx/CVE-2018-3258.json +++ b/2018/3xxx/CVE-2018-3258.json @@ -72,6 +72,11 @@ "name": "https://security.netapp.com/advisory/ntap-20181018-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181018-0002/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:1545", + "url": "https://access.redhat.com/errata/RHSA-2019:1545" } ] } diff --git a/2018/7xxx/CVE-2018-7191.json b/2018/7xxx/CVE-2018-7191.json index 1ae68c2541c..589baaf9e9c 100644 --- a/2018/7xxx/CVE-2018-7191.json +++ b/2018/7xxx/CVE-2018-7191.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1570", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/10xxx/CVE-2019-10085.json b/2019/10xxx/CVE-2019-10085.json index 400cba00f67..811cacfcafa 100644 --- a/2019/10xxx/CVE-2019-10085.json +++ b/2019/10xxx/CVE-2019-10085.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10085", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Allura", + "version": { + "version_data": [ + { + "version_value": "Apache Allura prior to 1.11.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/88c064c95da2f41d5435ca5b3e364925bed72cc73bcec9b3f25e4c07@%3Cdev.allura.apache.org%3E", + "url": "https://lists.apache.org/thread.html/88c064c95da2f41d5435ca5b3e364925bed72cc73bcec9b3f25e4c07@%3Cdev.allura.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Allura prior to 1.11.0, a vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page." } ] } diff --git a/2019/11xxx/CVE-2019-11038.json b/2019/11xxx/CVE-2019-11038.json index acf53f6acfc..c9d50ab0569 100644 --- a/2019/11xxx/CVE-2019-11038.json +++ b/2019/11xxx/CVE-2019-11038.json @@ -1,121 +1,112 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.7" - }, - "CVE_data_meta": { - "ID": "CVE-2019-11038", - "ASSIGNER": "security@php.net", - "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", - "TITLE": "Uninitialized read in gdImageCreateFromXbm", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [ - "https://bugs.php.net/bug.php?id=77973" - ], - "advisory": "", - "discovery": "EXTERNAL" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "PHP Group", - "product": { - "product_data": [ - { - "product_name": "PHP", - "version": { - "version_data": [ - { - "version_name": "7.1.x", - "version_affected": "<", - "version_value": "7.1.30", - "platform": "" - }, - { - "version_name": "7.2.x", - "version_affected": "<", - "version_value": "7.2.19", - "platform": "" - }, - { - "version_name": "7.3.x", - "version_affected": "<", - "version_value": "7.3.6", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "CVE_data_meta": { + "ID": "CVE-2019-11038", + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", + "TITLE": "Uninitialized read in gdImageCreateFromXbm", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=77973" + ], + "advisory": "", + "discovery": "EXTERNAL" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "7.1.x < 7.1.30" + }, + { + "version_value": "7.2.x < 7.2.19" + }, + { + "version_value": "7.3.x < 7.3.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-457: Use of Uninitialized Variable" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-457: Use of Uninitialized Variable" + } + ] + } ] - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When using gdImageCreateFromXbm() function of gd extension in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugs.php.net/bug.php?id=77973", + "url": "https://bugs.php.net/bug.php?id=77973" + } + ] + }, + "configuration": [ + { + "lang": "eng", + "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable. " + } + ], + "impact": { + "cvss": { + "version": "3.0", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "baseScore": 3.1, + "baseSeverity": "LOW" + } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [ + { + "lang": "eng", + "value": "By chamal dot desilva at gmail dot com" + } ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "When using gdImageCreateFromXbm() function of gd extension in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://bugs.php.net/bug.php?id=77973", - "name": "" - } - ] - }, - "configuration": [ - { - "lang": "eng", - "value": "The code has to enable gd extension and use gdImageCreateFromXbm() on externally controlled data to be vulnerable. " - } - ], - "impact": { - "cvss": { - "version": "3.0", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "NONE", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", - "baseScore": 3.1, - "baseSeverity": "LOW" - } - }, - "exploit": [], - "work_around": [], - "solution": [], - "credit": [ - { - "lang": "eng", - "value": "By chamal dot desilva at gmail dot com" - } - ] } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11039.json b/2019/11xxx/CVE-2019-11039.json index ef1c7fb7db5..438b49fe96f 100644 --- a/2019/11xxx/CVE-2019-11039.json +++ b/2019/11xxx/CVE-2019-11039.json @@ -1,116 +1,107 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.7" - }, - "CVE_data_meta": { - "ID": "CVE-2019-11039", - "ASSIGNER": "security@php.net", - "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", - "TITLE": "Out-of-bounds read in iconv.c", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [ - "https://bugs.php.net/bug.php?id=78069" - ], - "advisory": "", - "discovery": "EXTERNAL" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "PHP Group", - "product": { - "product_data": [ - { - "product_name": "PHP", - "version": { - "version_data": [ - { - "version_name": "7.1.x", - "version_affected": "<", - "version_value": "7.1.30", - "platform": "" - }, - { - "version_name": "7.2.x", - "version_affected": "<", - "version_value": "7.2.19", - "platform": "" - }, - { - "version_name": "7.3.x", - "version_affected": "<", - "version_value": "7.3.6", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "CVE_data_meta": { + "ID": "CVE-2019-11039", + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", + "TITLE": "Out-of-bounds read in iconv.c", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=78069" + ], + "advisory": "", + "discovery": "EXTERNAL" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "7.1.30" + }, + { + "version_value": "7.2.19" + }, + { + "version_value": "7.3.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125 Out-of-bounds Read" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } ] - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugs.php.net/bug.php?id=78069", + "url": "https://bugs.php.net/bug.php?id=78069" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.0", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [ + { + "lang": "eng", + "value": "By maris dot adam at gmail dot com" + } ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Function iconv_mime_decode_headers() in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash." - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://bugs.php.net/bug.php?id=78069", - "name": "" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.0", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", - "baseScore": 4.2, - "baseSeverity": "MEDIUM" - } - }, - "exploit": [], - "work_around": [], - "solution": [], - "credit": [ - { - "lang": "eng", - "value": "By maris dot adam at gmail dot com" - } - ] } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11040.json b/2019/11xxx/CVE-2019-11040.json index f65138cc103..e4c29287969 100644 --- a/2019/11xxx/CVE-2019-11040.json +++ b/2019/11xxx/CVE-2019-11040.json @@ -1,116 +1,107 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "generator": { - "engine": "Vulnogram 0.0.7" - }, - "CVE_data_meta": { - "ID": "CVE-2019-11040", - "ASSIGNER": "security@php.net", - "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", - "TITLE": "Heap buffer overflow in EXIF extension", - "AKA": "", - "STATE": "PUBLIC" - }, - "source": { - "defect": [ - "https://bugs.php.net/bug.php?id=77988" - ], - "advisory": "", - "discovery": "EXTERNAL" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "PHP Group", - "product": { - "product_data": [ - { - "product_name": "PHP", - "version": { - "version_data": [ - { - "version_name": "7.1.x", - "version_affected": "<", - "version_value": "7.1.30", - "platform": "" - }, - { - "version_name": "7.2.x", - "version_affected": "<", - "version_value": "7.2.19", - "platform": "" - }, - { - "version_name": "7.3.x", - "version_affected": "<", - "version_value": "7.3.6", - "platform": "" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "generator": { + "engine": "Vulnogram 0.0.7" + }, + "CVE_data_meta": { + "ID": "CVE-2019-11040", + "ASSIGNER": "security@php.net", + "DATE_PUBLIC": "2019-05-28T06:49:00.000Z", + "TITLE": "Heap buffer overflow in EXIF extension", + "AKA": "", + "STATE": "PUBLIC" + }, + "source": { + "defect": [ + "https://bugs.php.net/bug.php?id=77988" + ], + "advisory": "", + "discovery": "EXTERNAL" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PHP Group", + "product": { + "product_data": [ + { + "product_name": "PHP", + "version": { + "version_data": [ + { + "version_value": "7.1.30" + }, + { + "version_value": "7.2.19" + }, + { + "version_value": "7.3.6" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-125 Out-of-bounds Read" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } ] - } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugs.php.net/bug.php?id=77988", + "url": "https://bugs.php.net/bug.php?id=77988" + } + ] + }, + "configuration": [], + "impact": { + "cvss": { + "version": "3.0", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + } + }, + "exploit": [], + "work_around": [], + "solution": [], + "credit": [ + { + "lang": "eng", + "value": "By orestiskourides at gmail dot com" + } ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "When EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash. " - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://bugs.php.net/bug.php?id=77988", - "name": "" - } - ] - }, - "configuration": [], - "impact": { - "cvss": { - "version": "3.0", - "attackVector": "NETWORK", - "attackComplexity": "HIGH", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", - "baseScore": 4.8, - "baseSeverity": "MEDIUM" - } - }, - "exploit": [], - "work_around": [], - "solution": [], - "credit": [ - { - "lang": "eng", - "value": "By orestiskourides at gmail dot com" - } - ] } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11085.json b/2019/11xxx/CVE-2019-11085.json index aca917620ab..40fb95bd68b 100644 --- a/2019/11xxx/CVE-2019-11085.json +++ b/2019/11xxx/CVE-2019-11085.json @@ -63,6 +63,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1479", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json index 44ce75e882d..115c336b0ba 100644 --- a/2019/11xxx/CVE-2019-11477.json +++ b/2019/11xxx/CVE-2019-11477.json @@ -103,20 +103,24 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { - "refsource": "CONFIRM", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource": "MISC", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "CONFIRM", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource": "MISC", + "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "CONFIRM", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource": "MISC", + "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", + "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" } ] }, @@ -127,4 +131,4 @@ ], "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json index 108ce570887..012666f0fa8 100644 --- a/2019/11xxx/CVE-2019-11478.json +++ b/2019/11xxx/CVE-2019-11478.json @@ -102,20 +102,24 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" + "refsource": "MISC", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "CONFIRM", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource": "MISC", + "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "CONFIRM", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource": "MISC", + "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", + "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "CONFIRM", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" } ] }, @@ -126,4 +130,4 @@ ], "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11479.json b/2019/11xxx/CVE-2019-11479.json index 812a7f758c5..56fd80101ae 100644 --- a/2019/11xxx/CVE-2019-11479.json +++ b/2019/11xxx/CVE-2019-11479.json @@ -101,24 +101,29 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" + "refsource": "MISC", + "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", + "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { - "refsource": "CONFIRM", - "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" + "refsource": "MISC", + "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", + "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { - "refsource": "CONFIRM", - "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" + "refsource": "MISC", + "url": "https://access.redhat.com/security/vulnerabilities/tcpsack", + "name": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { - "refsource": "CONFIRM", - "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { - "refsource": "CONFIRM", - "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" } ] }, @@ -128,4 +133,4 @@ ], "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11487.json b/2019/11xxx/CVE-2019-11487.json index e8cb2ddbf6b..d69f07ef63d 100644 --- a/2019/11xxx/CVE-2019-11487.json +++ b/2019/11xxx/CVE-2019-11487.json @@ -136,6 +136,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1571", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/11xxx/CVE-2019-11833.json b/2019/11xxx/CVE-2019-11833.json index b2df64c0ac0..e936f039e0f 100644 --- a/2019/11xxx/CVE-2019-11833.json +++ b/2019/11xxx/CVE-2019-11833.json @@ -96,6 +96,11 @@ "refsource": "BUGTRAQ", "name": "20190618 [SECURITY] [DSA 4465-1] linux security update", "url": "https://seclists.org/bugtraq/2019/Jun/26" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/12xxx/CVE-2019-12380.json b/2019/12xxx/CVE-2019-12380.json index 000f6308e0b..48e5894041b 100644 --- a/2019/12xxx/CVE-2019-12380.json +++ b/2019/12xxx/CVE-2019-12380.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1571", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/12xxx/CVE-2019-12382.json b/2019/12xxx/CVE-2019-12382.json index a578ec5f126..3c6bd6ebfe3 100644 --- a/2019/12xxx/CVE-2019-12382.json +++ b/2019/12xxx/CVE-2019-12382.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1571", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/12xxx/CVE-2019-12456.json b/2019/12xxx/CVE-2019-12456.json index 28e5107b2c9..72ca36fc83c 100644 --- a/2019/12xxx/CVE-2019-12456.json +++ b/2019/12xxx/CVE-2019-12456.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1571", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/12xxx/CVE-2019-12818.json b/2019/12xxx/CVE-2019-12818.json index 142eeae74d8..4b3723c0f6c 100644 --- a/2019/12xxx/CVE-2019-12818.json +++ b/2019/12xxx/CVE-2019-12818.json @@ -81,6 +81,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1571", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/12xxx/CVE-2019-12819.json b/2019/12xxx/CVE-2019-12819.json index cd09cc15e60..891a2a82138 100644 --- a/2019/12xxx/CVE-2019-12819.json +++ b/2019/12xxx/CVE-2019-12819.json @@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1571", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00040.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] } diff --git a/2019/3xxx/CVE-2019-3846.json b/2019/3xxx/CVE-2019-3846.json index 49435f2f63a..6ae3ec39d1f 100644 --- a/2019/3xxx/CVE-2019-3846.json +++ b/2019/3xxx/CVE-2019-3846.json @@ -93,6 +93,11 @@ "refsource": "BUGTRAQ", "name": "20190618 [SECURITY] [DSA 4465-1] linux security update", "url": "https://seclists.org/bugtraq/2019/Jun/26" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3896.json b/2019/3xxx/CVE-2019-3896.json index 2d13bb850d7..be7309dde38 100644 --- a/2019/3xxx/CVE-2019-3896.json +++ b/2019/3xxx/CVE-2019-3896.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3896", - "ASSIGNER": "psampaio@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3954.json b/2019/3xxx/CVE-2019-3954.json index 34dacf034c1..4c9d5c62ade 100644 --- a/2019/3xxx/CVE-2019-3954.json +++ b/2019/3xxx/CVE-2019-3954.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3954", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3954", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess/SCADA", + "version": { + "version_data": [ + { + "version_value": "8.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2019-28", + "url": "https://www.tenable.com/security/research/tra-2019-28" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 81024 RPC call." } ] } diff --git a/2019/5xxx/CVE-2019-5489.json b/2019/5xxx/CVE-2019-5489.json index 3261aa98d03..df15769a54f 100644 --- a/2019/5xxx/CVE-2019-5489.json +++ b/2019/5xxx/CVE-2019-5489.json @@ -116,6 +116,11 @@ "refsource": "BUGTRAQ", "name": "20190618 [SECURITY] [DSA 4465-1] linux security update", "url": "https://seclists.org/bugtraq/2019/Jun/26" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1579", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html" } ] }