From 3dd4727271d940f4d3a4237065597cf69ee757bd Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 23 Apr 2019 16:00:47 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/15xxx/CVE-2017-15716.json | 14 +++---
 2018/16xxx/CVE-2018-16877.json | 5 ++
 2019/0xxx/CVE-2019-0223.json | 88 +++++++++++++++++++++++++++++++---
 2019/10xxx/CVE-2019-10893.json | 5 ++
 2019/11xxx/CVE-2019-11068.json | 5 ++
 2019/11xxx/CVE-2019-11338.json | 5 ++
 2019/11xxx/CVE-2019-11339.json | 5 ++
 2019/11xxx/CVE-2019-11446.json | 5 ++
 2019/6xxx/CVE-2019-6133.json | 5 ++
 2019/6xxx/CVE-2019-6974.json | 5 ++
 2019/7xxx/CVE-2019-7221.json | 5 ++
 2019/7xxx/CVE-2019-7303.json | 14 +++---
 2019/7xxx/CVE-2019-7304.json | 19 ++++----
 2019/8xxx/CVE-2019-8453.json | 5 ++
 2019/8xxx/CVE-2019-8455.json | 5 ++
 2019/9xxx/CVE-2019-9022.json | 5 ++
 2019/9xxx/CVE-2019-9637.json | 5 ++
 2019/9xxx/CVE-2019-9638.json | 5 ++
 2019/9xxx/CVE-2019-9639.json | 5 ++
 2019/9xxx/CVE-2019-9640.json | 5 ++
 2019/9xxx/CVE-2019-9641.json | 5 ++
 2019/9xxx/CVE-2019-9675.json | 5 ++
 22 files changed, 197 insertions(+), 28 deletions(-)
diff --git a/2017/15xxx/CVE-2017-15716.json b/2017/15xxx/CVE-2017-15716.json
index d6c1dd8af39..1d879440b42 100644
--- a/2017/15xxx/CVE-2017-15716.json
+++ b/2017/15xxx/CVE-2017-15716.json
@@ -1,17 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2017-15716",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-15716",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
 }
 ]
 }
diff --git a/2018/16xxx/CVE-2018-16877.json b/2018/16xxx/CVE-2018-16877.json
index 5991634279e..eb0878be8aa 100644
--- a/2018/16xxx/CVE-2018-16877.json
+++ b/2018/16xxx/CVE-2018-16877.json
@@ -58,6 +58,11 @@
 "refsource": "UBUNTU",
 "name": "USN-3952-1",
 "url": "https://usn.ubuntu.com/3952-1/"
+ },
+ {
+ "refsource": "BID",
+ "name": "108042",
+ "url": "http://www.securityfocus.com/bid/108042"
 }
 ]
 },
diff --git a/2019/0xxx/CVE-2019-0223.json b/2019/0xxx/CVE-2019-0223.json
index 741f45d9f68..a5289aa3a56 100644
--- a/2019/0xxx/CVE-2019-0223.json
+++ b/2019/0xxx/CVE-2019-0223.json
@@ -1,17 +1,91 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-0223",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-0223",
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache Software Foundation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Qpid Proton",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.9 to 0.27.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Man-in-the-middle Attack"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[qpid-dev] 20190423 [jira] [Updated] (PROTON-2014) [CVE-2019-0223] TLS Man in the Middle Vulnerability",
+ "url": "https://lists.apache.org/thread.html/49c83f0acce5ceaeffca51714ec2ba0f0199bcb8f99167181bba441b@%3Cdev.qpid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[qpid-dev] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
+ "url": "https://lists.apache.org/thread.html/3adb2f020f705b4fd453982992a68cd10f9d5ac728b699efdb73c1f5@%3Cdev.qpid.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
+ "url": "http://www.openwall.com/lists/oss-security/2019/04/23/4"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[announce] 20190423 [SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
+ "url": "https://lists.apache.org/thread.html/d9c9a882a292e2defaed1f954528c916fb64497ce57db652727e39b0@%3Cannounce.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[SECURITY] CVE-2019-0223: Apache Qpid Proton TLS Man in the Middle Vulnerability",
+ "url": "https://lists.apache.org/thread.html/008ee5e78e5a090e1fcc5f6617f425e4e51d59f03d3eda2dd006df9f@%3Cusers.qpid.apache.org%3E"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel",
+ "url": "https://issues.apache.org/jira/browse/PROTON-2014?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aall-tabpanel"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: update site content for CVE-2019-0223",
+ "url": "https://lists.apache.org/thread.html/914424e4d798a340f523b6169aaf39b626971d9bb00fcdeb1d5d6c0d@%3Ccommits.qpid.apache.org%3E"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1.1.0. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10893.json b/2019/10xxx/CVE-2019-10893.json
index ac997be89c7..18d1a7d7508 100644
--- a/2019/10xxx/CVE-2019-10893.json
+++ b/2019/10xxx/CVE-2019-10893.json
@@ -66,6 +66,11 @@
 "refsource": "MISC",
 "name": "https://packetstormsecurity.com/files/152437/centoswp098email-xss.txt",
 "url": "https://packetstormsecurity.com/files/152437/centoswp098email-xss.txt"
+ },
+ {
+ "refsource": "BID",
+ "name": "108035",
+ "url": "http://www.securityfocus.com/bid/108035"
 }
 ]
 }
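Review bot: In the CVE-2019-0223.json hunk, the last added reference has lost the opening bracket of its list tag: `"name": "qpid-commits] 20190423 [qpid-site] branch asf-site updated: ..."` should start with `[qpid-commits]` like the other MLIST entries. The users-list entry, named only `[SECURITY] CVE-2019-0223: ...`, lacks the `[list] date` prefix the other four carry, so the two would be handled differently by tooling that parses MLIST names. The `affects` block also gives the range as free text (`"version_value": "0.9 to 0.27.0"`), and the precondition that the library is used with OpenSSL before 1.1.0 appears only in the description. Consumers matching on `affects` alone will therefore not see that condition.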
diff --git a/2019/11xxx/CVE-2019-11068.json b/2019/11xxx/CVE-2019-11068.json
index 83bb37e89a4..aa7ff90581f 100644
--- a/2019/11xxx/CVE-2019-11068.json
+++ b/2019/11xxx/CVE-2019-11068.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20190422 Nokogiri security update v1.10.3",
 "url": "http://www.openwall.com/lists/oss-security/2019/04/22/1"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3947-1",
+ "url": "https://usn.ubuntu.com/3947-1/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11338.json b/2019/11xxx/CVE-2019-11338.json
index d1a73d766bd..ef36fd614af 100644
--- a/2019/11xxx/CVE-2019-11338.json
+++ b/2019/11xxx/CVE-2019-11338.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e",
 "refsource": "MISC",
 "name": "https://github.com/FFmpeg/FFmpeg/commit/54655623a82632e7624714d7b2a3e039dc5faa7e"
+ },
+ {
+ "refsource": "BID",
+ "name": "108034",
+ "url": "http://www.securityfocus.com/bid/108034"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11339.json b/2019/11xxx/CVE-2019-11339.json
index 8328e35da9d..5cd30e3f4d9 100644
--- a/2019/11xxx/CVE-2019-11339.json
+++ b/2019/11xxx/CVE-2019-11339.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb",
 "refsource": "MISC",
 "name": "https://github.com/FFmpeg/FFmpeg/commit/1f686d023b95219db933394a7704ad9aa5f01cbb"
+ },
+ {
+ "refsource": "BID",
+ "name": "108037",
+ "url": "http://www.securityfocus.com/bid/108037"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11446.json b/2019/11xxx/CVE-2019-11446.json
index 8db1fd7d03c..3b8bbcd9727 100644
--- a/2019/11xxx/CVE-2019-11446.json
+++ b/2019/11xxx/CVE-2019-11446.json
@@ -52,6 +52,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46691",
+ "url": "https://www.exploit-db.com/exploits/46691/"
+ },
 {
 "url": "https://www.exploit-db.com/exploits/46691",
 "refsource": "MISC",
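Review bot: The reference added in the CVE-2019-11446.json hunk duplicates the entry that follows it. The new `EXPLOIT-DB` item points at `https://www.exploit-db.com/exploits/46691/`, while the next context entry already lists `https://www.exploit-db.com/exploits/46691` as `MISC`, and the two differ only by the trailing slash. Tooling that deduplicates or counts references by exact URL will treat these as two sources. Keeping a single entry tagged `"refsource": "EXPLOIT-DB"` would avoid that and keep the exploit-availability signal in a structured field. The existing MISC entry continues past the end of the hunk, so its `name` is not visible here.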
diff --git a/2019/6xxx/CVE-2019-6133.json b/2019/6xxx/CVE-2019-6133.json
index 15af498450e..b598bb9fbd3 100644
--- a/2019/6xxx/CVE-2019-6133.json
+++ b/2019/6xxx/CVE-2019-6133.json
@@ -141,6 +141,11 @@
 "refsource": "UBUNTU",
 "name": "USN-3934-1",
 "url": "https://usn.ubuntu.com/3934-1/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:0832",
+ "url": "https://access.redhat.com/errata/RHSA-2019:0832"
 }
 ]
 }
diff --git a/2019/6xxx/CVE-2019-6974.json b/2019/6xxx/CVE-2019-6974.json
index c343f7600ce..264900f7d12 100644
--- a/2019/6xxx/CVE-2019-6974.json
+++ b/2019/6xxx/CVE-2019-6974.json
@@ -151,6 +151,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K11186236",
 "url": "https://support.f5.com/csp/article/K11186236"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:0833",
+ "url": "https://access.redhat.com/errata/RHSA-2019:0833"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7221.json b/2019/7xxx/CVE-2019-7221.json
index a4983b786b4..38ac8526644 100644
--- a/2019/7xxx/CVE-2019-7221.json
+++ b/2019/7xxx/CVE-2019-7221.json
@@ -136,6 +136,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20190404-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20190404-0002/"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:0833",
+ "url": "https://access.redhat.com/errata/RHSA-2019:0833"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7303.json b/2019/7xxx/CVE-2019-7303.json
index ee88e08eace..fb70e60c5b9 100644
--- a/2019/7xxx/CVE-2019-7303.json
+++ b/2019/7xxx/CVE-2019-7303.json
@@ -43,7 +43,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run.\nThis issue affects:\nCanonical snapd versions prior to 2.37.4."
+ "value": "A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 bits to determine which ioctl(2) commands to run. This issue affects: Canonical snapd versions prior to 2.37.4."
 }
 ]
 },
@@ -81,12 +81,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://usn.ubuntu.com/3917-1/"
+ "refsource": "MISC",
+ "url": "https://usn.ubuntu.com/3917-1/",
+ "name": "https://usn.ubuntu.com/3917-1/"
 },
 {
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/46594"
+ "refsource": "MISC",
+ "url": "https://www.exploit-db.com/exploits/46594",
+ "name": "https://www.exploit-db.com/exploits/46594"
 }
 ]
 },
@@ -96,4 +98,4 @@
 ],
 "discovery": "EXTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7304.json b/2019/7xxx/CVE-2019-7304.json
index 8367ef7171f..32c3d2213f3 100644
--- a/2019/7xxx/CVE-2019-7304.json
+++ b/2019/7xxx/CVE-2019-7304.json
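Review bot: The `references` hunk of CVE-2019-7303.json, and the matching hunk in CVE-2019-7304.json, downgrades `refsource` from `CONFIRM` and `EXPLOIT-DB` to `MISC` and repeats the URL as `name`. That removes the structured signal that a vendor advisory and public exploit entries exist for these snapd issues. Other files in this same commit keep typed sources for equivalent links, e.g. `"refsource": "UBUNTU", "name": "USN-3947-1"` and `"refsource": "EXPLOIT-DB", "name": "46691"`. Using that form here (for instance `"refsource": "UBUNTU"` with a `name` derived from the USN URL) would keep the records consistent for triage tooling that keys on `refsource`. The final hunk of both files also drops the trailing newline at end of file.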
@@ -44,7 +44,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root.\nThis issue affects:\nCanonical snapd versions prior to 2.37.1."
+ "value": "Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1."
 }
 ]
 },
@@ -82,16 +82,19 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://usn.ubuntu.com/3887-1/"
+ "refsource": "MISC",
+ "url": "https://usn.ubuntu.com/3887-1/",
+ "name": "https://usn.ubuntu.com/3887-1/"
 },
 {
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/46361"
+ "refsource": "MISC",
+ "url": "https://www.exploit-db.com/exploits/46361",
+ "name": "https://www.exploit-db.com/exploits/46361"
 },
 {
- "refsource": "EXPLOIT-DB",
- "url": "https://www.exploit-db.com/exploits/46362"
+ "refsource": "MISC",
+ "url": "https://www.exploit-db.com/exploits/46362",
+ "name": "https://www.exploit-db.com/exploits/46362"
 }
 ]
 },
@@ -101,4 +104,4 @@
 ],
 "discovery": "EXTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/8xxx/CVE-2019-8453.json b/2019/8xxx/CVE-2019-8453.json
index d70da3680ad..51e17adb632 100644
--- a/2019/8xxx/CVE-2019-8453.json
+++ b/2019/8xxx/CVE-2019-8453.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960",
 "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
+ },
+ {
+ "refsource": "BID",
+ "name": "108029",
+ "url": "http://www.securityfocus.com/bid/108029"
 }
 ]
 },
diff --git a/2019/8xxx/CVE-2019-8455.json b/2019/8xxx/CVE-2019-8455.json
index 4c0ccbb3ed6..8c7ae75476d 100644
--- a/2019/8xxx/CVE-2019-8455.json
+++ b/2019/8xxx/CVE-2019-8455.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960",
 "url": "https://www.zonealarm.com/software/release-history/zafavfw.html#15.4.260.17960"
+ },
+ {
+ "refsource": "BID",
+ "name": "108029",
+ "url": "http://www.securityfocus.com/bid/108029"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9022.json b/2019/9xxx/CVE-2019-9022.json
index 85b9a4facec..276857cf74e 100644
--- a/2019/9xxx/CVE-2019-9022.json
+++ b/2019/9xxx/CVE-2019-9022.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3922-2",
+ "url": "https://usn.ubuntu.com/3922-2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9637.json b/2019/9xxx/CVE-2019-9637.json
index 9c194b84f95..0333f71de43 100644
--- a/2019/9xxx/CVE-2019-9637.json
+++ b/2019/9xxx/CVE-2019-9637.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3922-2",
+ "url": "https://usn.ubuntu.com/3922-2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9638.json b/2019/9xxx/CVE-2019-9638.json
index 207103603f8..77bf9ee9419 100644
--- a/2019/9xxx/CVE-2019-9638.json
+++ b/2019/9xxx/CVE-2019-9638.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3922-2",
+ "url": "https://usn.ubuntu.com/3922-2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9639.json b/2019/9xxx/CVE-2019-9639.json
index ce8442c0cd4..17bf286316c 100644
--- a/2019/9xxx/CVE-2019-9639.json
+++ b/2019/9xxx/CVE-2019-9639.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3922-2",
+ "url": "https://usn.ubuntu.com/3922-2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9640.json b/2019/9xxx/CVE-2019-9640.json
index b7e687099b5..4f262fbf9ec 100644
--- a/2019/9xxx/CVE-2019-9640.json
+++ b/2019/9xxx/CVE-2019-9640.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3922-2",
+ "url": "https://usn.ubuntu.com/3922-2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9641.json b/2019/9xxx/CVE-2019-9641.json
index 1a4c6299a86..52172196a88 100644
--- a/2019/9xxx/CVE-2019-9641.json
+++ b/2019/9xxx/CVE-2019-9641.json
@@ -71,6 +71,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1741-1] php5 security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3922-2",
+ "url": "https://usn.ubuntu.com/3922-2/"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9675.json b/2019/9xxx/CVE-2019-9675.json
index 9dee767ae8b..9715536996f 100644
--- a/2019/9xxx/CVE-2019-9675.json
+++ b/2019/9xxx/CVE-2019-9675.json
@@ -61,6 +61,11 @@
 "name": "https://bugs.php.net/bug.php?id=77586",
 "refsource": "MISC",
 "url": "https://bugs.php.net/bug.php?id=77586"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3922-2",
+ "url": "https://usn.ubuntu.com/3922-2/"
 }
 ]
 },