diff --git a/2018/18xxx/CVE-2018-18815.json b/2018/18xxx/CVE-2018-18815.json index 6dc0cdb253e..fa88a024dce 100644 --- a/2018/18xxx/CVE-2018-18815.json +++ b/2018/18xxx/CVE-2018-18815.json @@ -156,6 +156,11 @@ "name": "107346", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107346" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-305/" } ] }, diff --git a/2018/20xxx/CVE-2018-20025.json b/2018/20xxx/CVE-2018-20025.json index b50833c5eef..6741490da3e 100644 --- a/2018/20xxx/CVE-2018-20025.json +++ b/2018/20xxx/CVE-2018-20025.json @@ -62,6 +62,11 @@ "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-037-codesys-control-v3-use-of-insufficiently-random-values/" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04" } ] } diff --git a/2018/20xxx/CVE-2018-20026.json b/2018/20xxx/CVE-2018-20026.json index 1208500ee77..8484c611e89 100644 --- a/2018/20xxx/CVE-2018-20026.json +++ b/2018/20xxx/CVE-2018-20026.json @@ -62,6 +62,11 @@ "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/12/19/klcert-18-036-codesys-control-v3-improper-communication-address-filtering/" + }, + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-352-04" } ] } diff --git a/2019/1010xxx/CVE-2019-1010260.json b/2019/1010xxx/CVE-2019-1010260.json index 68b260d16b6..f48fa093ba9 100644 --- a/2019/1010xxx/CVE-2019-1010260.json +++ b/2019/1010xxx/CVE-2019-1010260.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010260", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ktlint", + "version": { + "version_data": [ + { + "version_value": "0.29.0 and earlier [fixed: 0.30.0 and later - after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261]" + } + ] + } + } + ] + }, + "vendor_name": "ktlint" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerability appears to have been fixed in 0.30.0 and later; after commit 5e547b287d6c260d328a2cb658dbe6b7a7ff2261." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/shyiko/ktlint/pull/332", + "refsource": "MISC", + "name": "https://github.com/shyiko/ktlint/pull/332" } ] } diff --git a/2019/5xxx/CVE-2019-5515.json b/2019/5xxx/CVE-2019-5515.json index 7e91c048fc9..9966095eccf 100644 --- a/2019/5xxx/CVE-2019-5515.json +++ b/2019/5xxx/CVE-2019-5515.json @@ -1,17 +1,85 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5515", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5515", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "VMware Workstation and Fusion", + "version": { + "version_data": [ + { + "version_value": "Workstation 15.x before 15.0.3" + }, + { + "version_value": "Workstation 14.x before 14.1.6" + }, + { + "version_value": "Fusion 11.x before 11.0.3" + }, + { + "version_value": "Fusion 10.x before 10.1.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-306/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-306/" + }, + { + "refsource": "BID", + "name": "107634", + "url": "https://www.securityfocus.com/bid/107634" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html", + "url": "https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest." } ] } diff --git a/2019/5xxx/CVE-2019-5524.json b/2019/5xxx/CVE-2019-5524.json index c419c4bfd37..9a1d2257ac9 100644 --- a/2019/5xxx/CVE-2019-5524.json +++ b/2019/5xxx/CVE-2019-5524.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5524", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5524", + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "VMware Workstation, VMware Fusion", + "version": { + "version_data": [ + { + "version_value": "Workstation (14.x before 14.1.6)" + }, + { + "version_value": "Fusion (10.x before 10.1.6)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html", + "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html" + }, + { + "refsource": "BID", + "name": "107635", + "url": "http://www.securityfocus.com/bid/107635" + }, + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workstation (14.x before 14.1.6) and Fusion (10.x before 10.1.6) contain an out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host." } ] } diff --git a/2019/7xxx/CVE-2019-7524.json b/2019/7xxx/CVE-2019-7524.json index 0e18ab72dea..27b1d4c29cf 100644 --- a/2019/7xxx/CVE-2019-7524.json +++ b/2019/7xxx/CVE-2019-7524.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-3928-1", "url": "https://usn.ubuntu.com/3928-1/" + }, + { + "refsource": "BID", + "name": "107672", + "url": "http://www.securityfocus.com/bid/107672" } ] }, diff --git a/2019/9xxx/CVE-2019-9956.json b/2019/9xxx/CVE-2019-9956.json index d41db866616..a044f05e466 100644 --- a/2019/9xxx/CVE-2019-9956.json +++ b/2019/9xxx/CVE-2019-9956.json @@ -61,6 +61,11 @@ "refsource": "BID", "name": "107546", "url": "http://www.securityfocus.com/bid/107546" + }, + { + "refsource": "BID", + "name": "107672", + "url": "http://www.securityfocus.com/bid/107672" } ] }