diff --git a/2018/10xxx/CVE-2018-10844.json b/2018/10xxx/CVE-2018-10844.json index fd1f8d5f1c2..402de551d01 100644 --- a/2018/10xxx/CVE-2018-10844.json +++ b/2018/10xxx/CVE-2018-10844.json @@ -96,6 +96,11 @@ "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3999-1", + "url": "https://usn.ubuntu.com/3999-1/" } ] } diff --git a/2018/10xxx/CVE-2018-10845.json b/2018/10xxx/CVE-2018-10845.json index 12f836d5be9..c18ab574e6f 100644 --- a/2018/10xxx/CVE-2018-10845.json +++ b/2018/10xxx/CVE-2018-10845.json @@ -96,6 +96,11 @@ "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3999-1", + "url": "https://usn.ubuntu.com/3999-1/" } ] } diff --git a/2018/10xxx/CVE-2018-10846.json b/2018/10xxx/CVE-2018-10846.json index 4359088abef..75056abd53b 100644 --- a/2018/10xxx/CVE-2018-10846.json +++ b/2018/10xxx/CVE-2018-10846.json @@ -96,6 +96,11 @@ "name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3999-1", + "url": "https://usn.ubuntu.com/3999-1/" } ] } diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json index 3996e3462d8..820ccd7b3cb 100644 --- a/2018/12xxx/CVE-2018-12126.json +++ b/2018/12xxx/CVE-2018-12126.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12126", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12126", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel Corporation", + "product": { + "product_data": [ + { + "product_name": "Central ProcCVE-2018-12126essing Units (CPUs)", + "version": { + "version_data": [ + { + "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json index b4955879e48..a0cd447471f 100644 --- a/2018/12xxx/CVE-2018-12127.json +++ b/2018/12xxx/CVE-2018-12127.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12127", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12127", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel Corporation", + "product": { + "product_data": [ + { + "product_name": "Central Processing Units (CPUs)", + "version": { + "version_data": [ + { + "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json index 1cedb5ee93c..ad2907337b0 100644 --- a/2018/12xxx/CVE-2018-12130.json +++ b/2018/12xxx/CVE-2018-12130.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12130", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12130", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel Corporation", + "product": { + "product_data": [ + { + "product_name": "Central Processing Units (CPUs)", + "version": { + "version_data": [ + { + "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } diff --git a/2018/15xxx/CVE-2018-15131.json b/2018/15xxx/CVE-2018-15131.json index f9cddbab557..b61eae3f8f5 100644 --- a/2018/15xxx/CVE-2018-15131.json +++ b/2018/15xxx/CVE-2018-15131.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15131", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of authentication requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109012" } ] } diff --git a/2018/15xxx/CVE-2018-15587.json b/2018/15xxx/CVE-2018-15587.json index 1bf6144c02c..b22f9e885c2 100644 --- a/2018/15xxx/CVE-2018-15587.json +++ b/2018/15xxx/CVE-2018-15587.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1453", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00061.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3998-1", + "url": "https://usn.ubuntu.com/3998-1/" } ] } diff --git a/2018/20xxx/CVE-2018-20840.json b/2018/20xxx/CVE-2018-20840.json new file mode 100644 index 00000000000..b4762b8eaa8 --- /dev/null +++ b/2018/20xxx/CVE-2018-20840.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unhandled exception vulnerability exists during Google Sign-In with Google API C++ Client before 2019-04-10. It potentially causes an outage of third-party services that were not designed to recover from exceptions. On the client, ID token handling can cause an unhandled exception because of misinterpretation of an integer as a string, resulting in denial-of-service and then other users can no longer login/sign-in to the affected third-party service. Once this third-party service uses Google Sign-In with google-api-cpp-client, a malicious user can trigger this client/auth/oauth2_authorization.cc vulnerability by requesting the client to receive the ID token from a Google authentication server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/google/google-api-cpp-client/pull/58", + "refsource": "MISC", + "name": "https://github.com/google/google-api-cpp-client/pull/58" + }, + { + "url": "https://github.com/google/google-api-cpp-client/issues/57", + "refsource": "MISC", + "name": "https://github.com/google/google-api-cpp-client/issues/57" + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8029.json b/2018/8xxx/CVE-2018-8029.json index 140e11f94fb..3a0f4695d35 100644 --- a/2018/8xxx/CVE-2018-8029.json +++ b/2018/8xxx/CVE-2018-8029.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-8029", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-8029", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Hadoop", + "version": { + "version_data": [ + { + "version_value": "Apache Hadoop 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, 2.2.0 to 2.8.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E", + "url": "https://lists.apache.org/thread.html/17084c09e6dedf60efe08028b429c92ffd28aacc28454e4fa924578a@%3Cgeneral.hadoop.apache.org%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user." } ] } diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json index 328d1c359ef..4d5a9c2d89a 100644 --- a/2019/11xxx/CVE-2019-11091.json +++ b/2019/11xxx/CVE-2019-11091.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel Corporation", + "product": { + "product_data": [ + { + "product_name": "Central Processing Units (CPUs)", + "version": { + "version_data": [ + { + "version_value": "A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf" } ] } diff --git a/2019/12xxx/CVE-2019-12466.json b/2019/12xxx/CVE-2019-12466.json new file mode 100644 index 00000000000..5921f7df6c6 --- /dev/null +++ b/2019/12xxx/CVE-2019-12466.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12466", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12467.json b/2019/12xxx/CVE-2019-12467.json new file mode 100644 index 00000000000..3b32b75f5e2 --- /dev/null +++ b/2019/12xxx/CVE-2019-12467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12468.json b/2019/12xxx/CVE-2019-12468.json new file mode 100644 index 00000000000..92798d1007a --- /dev/null +++ b/2019/12xxx/CVE-2019-12468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12468", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12469.json b/2019/12xxx/CVE-2019-12469.json new file mode 100644 index 00000000000..7f4bd781881 --- /dev/null +++ b/2019/12xxx/CVE-2019-12469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12470.json b/2019/12xxx/CVE-2019-12470.json new file mode 100644 index 00000000000..98bda874066 --- /dev/null +++ b/2019/12xxx/CVE-2019-12470.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12470", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12471.json b/2019/12xxx/CVE-2019-12471.json new file mode 100644 index 00000000000..884ef3b8016 --- /dev/null +++ b/2019/12xxx/CVE-2019-12471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12472.json b/2019/12xxx/CVE-2019-12472.json new file mode 100644 index 00000000000..cc07af229fd --- /dev/null +++ b/2019/12xxx/CVE-2019-12472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12473.json b/2019/12xxx/CVE-2019-12473.json new file mode 100644 index 00000000000..618dd3ce7ce --- /dev/null +++ b/2019/12xxx/CVE-2019-12473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12474.json b/2019/12xxx/CVE-2019-12474.json new file mode 100644 index 00000000000..0039214c0fe --- /dev/null +++ b/2019/12xxx/CVE-2019-12474.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-12474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3829.json b/2019/3xxx/CVE-2019-3829.json index 03de320b568..147d293489d 100644 --- a/2019/3xxx/CVE-2019-3829.json +++ b/2019/3xxx/CVE-2019-3829.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1353", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3999-1", + "url": "https://usn.ubuntu.com/3999-1/" } ] }, diff --git a/2019/3xxx/CVE-2019-3836.json b/2019/3xxx/CVE-2019-3836.json index 6178ff4476a..add7229f978 100644 --- a/2019/3xxx/CVE-2019-3836.json +++ b/2019/3xxx/CVE-2019-3836.json @@ -73,6 +73,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1353", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00017.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-3999-1", + "url": "https://usn.ubuntu.com/3999-1/" } ] }, diff --git a/2019/8xxx/CVE-2019-8457.json b/2019/8xxx/CVE-2019-8457.json index 6a016280a0e..2d355ca9509 100644 --- a/2019/8xxx/CVE-2019-8457.json +++ b/2019/8xxx/CVE-2019-8457.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8457", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8457", + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SQLite", + "version": { + "version_data": [ + { + "version_value": "From 3.6.0 to 3.27.2 including" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125: Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.sqlite.org/src/info/90acdbfce9c08858", + "url": "https://www.sqlite.org/src/info/90acdbfce9c08858" + }, + { + "refsource": "MISC", + "name": "https://www.sqlite.org/releaselog/3_28_0.html", + "url": "https://www.sqlite.org/releaselog/3_28_0.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables." } ] }