diff --git a/2018/15xxx/CVE-2018-15317.json b/2018/15xxx/CVE-2018-15317.json index 4555f4b2d55..1c09a1a1ef6 100644 --- a/2018/15xxx/CVE-2018-15317.json +++ b/2018/15xxx/CVE-2018-15317.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted." + "value": "In BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, and 11.2.1-11.6.3.2, an attacker sending specially crafted SSL records to a SSL Virtual Server will cause corruption in the SSL data structures leading to intermittent decrypt BAD_RECORD_MAC errors. Clients will be unable to access the application load balanced by a virtual server with an SSL profile until tmm is restarted." } ] }, diff --git a/2018/16xxx/CVE-2018-16868.json b/2018/16xxx/CVE-2018-16868.json index 624b76141c3..a1c5f1c6a88 100644 --- a/2018/16xxx/CVE-2018-16868.json +++ b/2018/16xxx/CVE-2018-16868.json @@ -76,6 +76,11 @@ "name": "106080", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106080" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1353", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" } ] } diff --git a/2018/19xxx/CVE-2018-19525.json b/2018/19xxx/CVE-2018-19525.json index 0726a3d2114..a535dfe1784 100644 --- a/2018/19xxx/CVE-2018-19525.json +++ b/2018/19xxx/CVE-2018-19525.json @@ -58,14 +58,19 @@ "name": "http://packetstormsecurity.com/files/151647/SYSTORME-ISG-Cross-Site-Request-Forgery.html" }, { - "url": "http://breakthesec.com", - "refsource": "MISC", - "name": "http://breakthesec.com" + "refsource": "FULLDISC", + "name": "20190212 KSA-Dev-002: CVE-2018-19525 : Account takeover via XSRF in All ISG Series Firewall", + "url": "http://seclists.org/fulldisclosure/2019/Feb/31" }, { - "url": "http://seclists.org/fulldisclosure/2019/Feb/31", "refsource": "MISC", - "name": "http://seclists.org/fulldisclosure/2019/Feb/31" + "name": "https://s3curityb3ast.github.io/KSA-Dev-002.md", + "url": "https://s3curityb3ast.github.io/KSA-Dev-002.md" + }, + { + "refsource": "MISC", + "name": "https://www.breakthesec.com/2019/02/cve-2018-19525-account-takeover-via.html", + "url": "https://www.breakthesec.com/2019/02/cve-2018-19525-account-takeover-via.html" } ] } diff --git a/2018/19xxx/CVE-2018-19636.json b/2018/19xxx/CVE-2018-19636.json index 004b1d4bed1..bd021a9ab1b 100644 --- a/2018/19xxx/CVE-2018-19636.json +++ b/2018/19xxx/CVE-2018-19636.json @@ -81,6 +81,11 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1117751", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117751" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1351", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html" } ] }, diff --git a/2018/19xxx/CVE-2018-19637.json b/2018/19xxx/CVE-2018-19637.json index 1a02bfd6823..4398f01e097 100644 --- a/2018/19xxx/CVE-2018-19637.json +++ b/2018/19xxx/CVE-2018-19637.json @@ -81,6 +81,11 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1117776", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1117776" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1351", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html" } ] }, diff --git a/2018/19xxx/CVE-2018-19638.json b/2018/19xxx/CVE-2018-19638.json index 5e569d833d1..62a6ddebb97 100644 --- a/2018/19xxx/CVE-2018-19638.json +++ b/2018/19xxx/CVE-2018-19638.json @@ -81,6 +81,11 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1118460", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1118460" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1351", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html" } ] }, diff --git a/2018/19xxx/CVE-2018-19639.json b/2018/19xxx/CVE-2018-19639.json index 74cc442b36e..3e6f42e2de2 100644 --- a/2018/19xxx/CVE-2018-19639.json +++ b/2018/19xxx/CVE-2018-19639.json @@ -81,6 +81,11 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1118462", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1118462" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1351", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html" } ] }, diff --git a/2018/19xxx/CVE-2018-19640.json b/2018/19xxx/CVE-2018-19640.json index 7c7a3aca1c7..5aee6e49efd 100644 --- a/2018/19xxx/CVE-2018-19640.json +++ b/2018/19xxx/CVE-2018-19640.json @@ -81,6 +81,11 @@ "name": "https://bugzilla.suse.com/show_bug.cgi?id=1118463", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1118463" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1351", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html" } ] }, diff --git a/2019/0xxx/CVE-2019-0161.json b/2019/0xxx/CVE-2019-0161.json index 0cd43c86ed0..d058a737645 100644 --- a/2019/0xxx/CVE-2019-0161.json +++ b/2019/0xxx/CVE-2019-0161.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html", "url": "https://edk2-docs.gitbooks.io/security-advisory/content/xhci-stack-local-stack-overflow.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1352", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00019.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3829.json b/2019/3xxx/CVE-2019-3829.json index 5c9197e733d..03de320b568 100644 --- a/2019/3xxx/CVE-2019-3829.json +++ b/2019/3xxx/CVE-2019-3829.json @@ -81,6 +81,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-14", "url": "https://security.gentoo.org/glsa/201904-14" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1353", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3836.json b/2019/3xxx/CVE-2019-3836.json index 5d4502822f7..6178ff4476a 100644 --- a/2019/3xxx/CVE-2019-3836.json +++ b/2019/3xxx/CVE-2019-3836.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190502-0005/", "url": "https://security.netapp.com/advisory/ntap-20190502-0005/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:1353", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5736.json b/2019/5xxx/CVE-2019-5736.json index 903ae471672..83cb226c3d9 100644 --- a/2019/5xxx/CVE-2019-5736.json +++ b/2019/5xxx/CVE-2019-5736.json @@ -246,6 +246,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:0975", "url": "https://access.redhat.com/errata/RHSA-2019:0975" + }, + { + "refsource": "MISC", + "name": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/", + "url": "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/" + }, + { + "refsource": "MISC", + "name": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/", + "url": "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/" } ] } diff --git a/2019/7xxx/CVE-2019-7384.json b/2019/7xxx/CVE-2019-7384.json index a2efa088f78..30f5746aca3 100644 --- a/2019/7xxx/CVE-2019-7384.json +++ b/2019/7xxx/CVE-2019-7384.json @@ -68,19 +68,14 @@ "url": "http://www.securityfocus.com/bid/107033" }, { - "url": "http://www.breakthesec.com/search/label/0day", "refsource": "MISC", - "name": "http://www.breakthesec.com/search/label/0day" + "name": "https://s3curityb3ast.github.io/KSA-Dev-005.md", + "url": "https://s3curityb3ast.github.io/KSA-Dev-005.md" }, { - "url": "https://s3curityb3ast.github.io", "refsource": "MISC", - "name": "https://s3curityb3ast.github.io" - }, - { - "url": "http://www.breakthesec.com", - "refsource": "MISC", - "name": "http://www.breakthesec.com" + "name": "https://www.breakthesec.com/2019/02/cve-2019-7384-authenticated-remote-code.html", + "url": "https://www.breakthesec.com/2019/02/cve-2019-7384-authenticated-remote-code.html" } ] } diff --git a/2019/7xxx/CVE-2019-7387.json b/2019/7xxx/CVE-2019-7387.json index cc8e26a310a..5df1f2a5098 100644 --- a/2019/7xxx/CVE-2019-7387.json +++ b/2019/7xxx/CVE-2019-7387.json @@ -53,14 +53,14 @@ "references": { "reference_data": [ { - "name": "https://github.com/s3curityb3ast/s3curityb3ast.github.io/blob/master/KSA-Dev-004.txt", "refsource": "MISC", - "url": "https://github.com/s3curityb3ast/s3curityb3ast.github.io/blob/master/KSA-Dev-004.txt" + "name": "https://s3curityb3ast.github.io/KSA-Dev-004.md", + "url": "https://s3curityb3ast.github.io/KSA-Dev-004.md" }, { - "name": "https://s3curityb3ast.github.io/KSA-Dev-004.txt", "refsource": "MISC", - "url": "https://s3curityb3ast.github.io/KSA-Dev-004.txt" + "name": "https://www.breakthesec.com/2019/02/cve-2019-7387-authenticated-arbitrary.html", + "url": "https://www.breakthesec.com/2019/02/cve-2019-7387-authenticated-arbitrary.html" } ] } diff --git a/2019/7xxx/CVE-2019-7442.json b/2019/7xxx/CVE-2019-7442.json index e33dd65ce4c..47d870e760f 100644 --- a/2019/7xxx/CVE-2019-7442.json +++ b/2019/7xxx/CVE-2019-7442.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-7442", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault <=10.7 allows remote attackers to read arbitrary files or potentially bypass authentication via a crafted DTD in the SAML authentication system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection/", + "url": "https://www.octority.com/2019/05/07/cyberark-enterprise-password-vault-xml-external-entity-xxe-injection/" } ] }