From 7727dc44e9b7beaba56b48fb9c09e7574f34277f Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 24 Apr 2019 16:00:48 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/10xxx/CVE-2017-10204.json | 5 +
 2018/20xxx/CVE-2018-20250.json | 5 +
 2019/11xxx/CVE-2019-11223.json | 5 +
 2019/11xxx/CVE-2019-11234.json | 5 +
 2019/11xxx/CVE-2019-11235.json | 5 +
 2019/11xxx/CVE-2019-11446.json | 5 -
 2019/2xxx/CVE-2019-2721.json | 5 +
 2019/3xxx/CVE-2019-3719.json | 5 -
 2019/3xxx/CVE-2019-3786.json | 156 ++++++++++++++---------------
 2019/3xxx/CVE-2019-3789.json | 156 ++++++++++++++---------------
 2019/3xxx/CVE-2019-3793.json | 174 ++++++++++++++++-----------------
 2019/3xxx/CVE-2019-3868.json | 7 +-
 2019/3xxx/CVE-2019-3882.json | 5 +-
 2019/6xxx/CVE-2019-6579.json | 7 +-
 14 files changed, 286 insertions(+), 259 deletions(-)
diff --git a/2017/10xxx/CVE-2017-10204.json b/2017/10xxx/CVE-2017-10204.json
index c613f9b2785..206d95d7e8d 100644
--- a/2017/10xxx/CVE-2017-10204.json
+++ b/2017/10xxx/CVE-2017-10204.json
@@ -72,6 +72,11 @@
 "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
 "refsource": "CONFIRM",
 "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html",
+ "url": "http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20250.json b/2018/20xxx/CVE-2018-20250.json
index 632aedbc477..23c42998a35 100644
--- a/2018/20xxx/CVE-2018-20250.json
+++ b/2018/20xxx/CVE-2018-20250.json
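Review bot: The reference added in the CVE-2017-10204.json hunk is tagged `"refsource": "MISC"` with the URL repeated as its `name` and uses plain `http://`, so a consumer that keys on `refsource` to notice what appears to be public exploit or advisory material will not distinguish it from any other link; the CVE-2019-2721.json hunk in this same commit uses a dedicated `"refsource": "EXPLOIT-DB"` with a short `name` for the comparable case. If the site serves the same path over HTTPS, the entry would read `"url": "https://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html"`, with `name` changed to match or to a short identifier. The same applies to the packetstormsecurity.com reference added in the CVE-2018-20250.json hunk.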
@@ -77,6 +77,11 @@
 "name": "https://www.win-rar.com/whatsnew.html",
 "refsource": "MISC",
 "url": "https://www.win-rar.com/whatsnew.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html",
+ "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11223.json b/2019/11xxx/CVE-2019-11223.json
index c0379314010..d0157a8bf81 100644
--- a/2019/11xxx/CVE-2019-11223.json
+++ b/2019/11xxx/CVE-2019-11223.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/",
 "url": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/",
+ "url": "https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11234.json b/2019/11xxx/CVE-2019-11234.json
index d6dafd54b75..8b04428652d 100644
--- a/2019/11xxx/CVE-2019-11234.json
+++ b/2019/11xxx/CVE-2019-11234.json
@@ -76,6 +76,11 @@
 "refsource": "CONFIRM",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3954-1",
+ "url": "https://usn.ubuntu.com/3954-1/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11235.json b/2019/11xxx/CVE-2019-11235.json
index cca6e00f638..2d420a8b449 100644
--- a/2019/11xxx/CVE-2019-11235.json
+++ b/2019/11xxx/CVE-2019-11235.json
@@ -76,6 +76,11 @@
 "refsource": "CONFIRM",
 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-3954-1",
+ "url": "https://usn.ubuntu.com/3954-1/"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11446.json b/2019/11xxx/CVE-2019-11446.json
index 3b8bbcd9727..9057288757f 100644
--- a/2019/11xxx/CVE-2019-11446.json
+++ b/2019/11xxx/CVE-2019-11446.json
@@ -57,11 +57,6 @@
 "name": "46691",
 "url": "https://www.exploit-db.com/exploits/46691/"
 },
- {
- "url": "https://www.exploit-db.com/exploits/46691",
- "refsource": "MISC",
- "name": "https://www.exploit-db.com/exploits/46691"
- },
 {
 "url": "http://pentest.com.tr/exploits/ATutor-2-2-4-file-manager-Remote-Code-Execution-Injection-Metasploit.html",
 "refsource": "MISC",
diff --git a/2019/2xxx/CVE-2019-2721.json b/2019/2xxx/CVE-2019-2721.json
index f21d5717436..b05a2593ad3 100644
--- a/2019/2xxx/CVE-2019-2721.json
+++ b/2019/2xxx/CVE-2019-2721.json
@@ -61,6 +61,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+ },
+ {
+ "refsource": "EXPLOIT-DB",
+ "name": "46747",
+ "url": "https://www.exploit-db.com/exploits/46747/"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3719.json b/2019/3xxx/CVE-2019-3719.json
index 470070245c4..971121fe7a6 100644
--- a/2019/3xxx/CVE-2019-3719.json
+++ b/2019/3xxx/CVE-2019-3719.json
@@ -83,11 +83,6 @@
 "refsource": "MISC",
 "url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en",
 "name": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
- },
- {
- "refsource": "BID",
- "name": "108020",
- "url": "http://www.securityfocus.com/bid/108020"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3786.json b/2019/3xxx/CVE-2019-3786.json
index e91d3f10f67..38737c15a62 100644
--- a/2019/3xxx/CVE-2019-3786.json
+++ b/2019/3xxx/CVE-2019-3786.json
@@ -1,85 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
- "ID": "CVE-2019-3786",
- "STATE": "PUBLIC",
- "TITLE": "BBR could run arbitrary scripts on deployment VMs"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "BOSH Backup and Restore",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_name": "All",
- "version_value": "v1.5.0"
- }
- ]
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
+ "ID": "CVE-2019-3786",
+ "STATE": "PUBLIC",
+ "TITLE": "BBR could run arbitrary scripts on deployment VMs"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "BOSH Backup and Restore",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "All",
+ "version_value": "v1.5.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cloud Foundry"
 }
- }
 ]
- },
- "vendor_name": "Cloud Foundry"
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-269: Improper Privilege Management"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cloud Foundry BOSH Backup and Restore CLI, all versions prior to 1.5.0, does not check the authenticity of backup scripts in BOSH. A remote authenticated malicious user can modify the metadata file of a Bosh Backup and Restore job to request extra backup files from different jobs upon restore. The exploited hooks in this metadata script were only maintained in the cfcr-etcd-release, so clusters deployed with the BBR job for etcd in this release are vulnerable."
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "CONFIRM",
- "url": "https://www.cloudfoundry.org/blog/cve-2019-3786",
- "name": "https://www.cloudfoundry.org/blog/cve-2019-3786"
- }
- ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 7.7,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "NONE",
- "privilegesRequired": "LOW",
- "scope": "CHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
- "version": "3.0"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.cloudfoundry.org/blog/cve-2019-3786",
+ "name": "https://www.cloudfoundry.org/blog/cve-2019-3786"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "version": "3.0"
+ }
 }
- }
 }
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3789.json b/2019/3xxx/CVE-2019-3789.json
index cda1f2171ea..7bfd3228d41 100644
--- a/2019/3xxx/CVE-2019-3789.json
+++ b/2019/3xxx/CVE-2019-3789.json
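Review bot: In CVE-2019-3786.json the affected range is still encoded as `"version_value": "v1.5.0"` while the description on the new side says "all versions prior to 1.5.0"; the leading `v` makes the value a non-numeric string, and tooling that compares installed versions against `version_value` may fail to match or order it. Suggest `"version_value": "1.5.0"` so the structured field agrees with the description; this would be a correction for the assigning CNA, since the commit appears only to re-indent these lines and change `ASSIGNER`. Separately, `TITLE` speaks of running arbitrary scripts while the CVSS block carries `"integrityImpact": "NONE"`, so it is worth confirming which of the two reflects the actual impact before relying on the 7.7 score for prioritisation.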
@@ -1,85 +1,85 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2019-04-16T00:00:00.000Z",
- "ID": "CVE-2019-3789",
- "STATE": "PUBLIC",
- "TITLE": "Gorouter allows space developer to hijack route services hosted outside the platform"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "CF Routing",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_name": "All",
- "version_value": "0.188.0"
- }
- ]
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2019-04-16T00:00:00.000Z",
+ "ID": "CVE-2019-3789",
+ "STATE": "PUBLIC",
+ "TITLE": "Gorouter allows space developer to hijack route services hosted outside the platform"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "CF Routing",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "All",
+ "version_value": "0.188.0"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cloud Foundry"
 }
- }
 ]
- },
- "vendor_name": "Cloud Foundry"
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-840: Business Logic Errors"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route."
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "CONFIRM",
- "url": "https://www.cloudfoundry.org/blog/cve-2019-3789",
- "name": "https://www.cloudfoundry.org/blog/cve-2019-3789"
- }
- ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "HIGH",
- "baseScore": 8.8,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "LOW",
- "scope": "UNCHANGED",
- "userInteraction": "NONE",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
- "version": "3.0"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-840: Business Logic Errors"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://www.cloudfoundry.org/blog/cve-2019-3789",
+ "name": "https://www.cloudfoundry.org/blog/cve-2019-3789"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
 }
- }
 }
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3793.json b/2019/3xxx/CVE-2019-3793.json
index 7011e614b2c..ba97eb5f996 100644
--- a/2019/3xxx/CVE-2019-3793.json
+++ b/2019/3xxx/CVE-2019-3793.json
@@ -1,95 +1,95 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ASSIGNER": "secure@dell.com",
- "DATE_PUBLIC": "2019-04-16T15:45:27.000Z",
- "ID": "CVE-2019-3793",
- "STATE": "PUBLIC",
- "TITLE": "Invitations Service supports HTTP connections"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "Apps Manager",
- "version": {
- "version_data": [
- {
- "affected": "<",
- "version_name": "666",
- "version_value": "666.0.21"
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ASSIGNER": "security_alert@emc.com",
+ "DATE_PUBLIC": "2019-04-16T15:45:27.000Z",
+ "ID": "CVE-2019-3793",
+ "STATE": "PUBLIC",
+ "TITLE": "Invitations Service supports HTTP connections"
+ },
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apps Manager",
+ "version": {
+ "version_data": [
+ {
+ "affected": "<",
+ "version_name": "666",
+ "version_value": "666.0.21"
+ },
+ {
+ "affected": "<",
+ "version_name": "667",
+ "version_value": "667.0.7"
+ },
+ {
+ "affected": "<",
+ "version_name": "665",
+ "version_value": "665.0.28"
+ }
+ ]
+ }
+ }
+ ]
 },
- {
- "affected": "<",
- "version_name": "667",
- "version_value": "667.0.7"
- },
- {
- "affected": "<",
- "version_name": "665",
- "version_value": "665.0.28"
- }
- ]
+ "vendor_name": "Pivotal"
 }
- }
 ]
- },
- "vendor_name": "Pivotal"
 }
- ]
- }
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-300: Man-in-the-Middle"
- }
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Pivotal Apps Manager Release, versions 665.0.x prior to 665.0.28, versions 666.0.x prior to 666.0.21, versions 667.0.x prior to 667.0.7, contain an invitation service that accepts HTTP. A remote unauthenticated user could listen to network traffic and gain access to the authorization credentials used to make the invitation requests."
+ }
 ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "CONFIRM",
- "url": "https://pivotal.io/security/cve-2019-3793",
- "name": "https://pivotal.io/security/cve-2019-3793"
- }
- ]
- },
- "impact": {
- "cvss": {
- "attackComplexity": "LOW",
- "attackVector": "NETWORK",
- "availabilityImpact": "NONE",
- "baseScore": 8.1,
- "baseSeverity": "HIGH",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "privilegesRequired": "NONE",
- "scope": "UNCHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
- "version": "3.0"
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-300: Man-in-the-Middle"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "url": "https://pivotal.io/security/cve-2019-3793",
+ "name": "https://pivotal.io/security/cve-2019-3793"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "version": "3.0"
+ }
 }
- }
 }
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3868.json b/2019/3xxx/CVE-2019-3868.json
index 8a2ea25c304..073d7b5a692 100644
--- a/2019/3xxx/CVE-2019-3868.json
+++ b/2019/3xxx/CVE-2019-3868.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3868",
- "ASSIGNER": "lpardo@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -54,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session."
+ "value": "Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user\u2019s browser session."
 }
 ]
 },
@@ -68,4 +69,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3882.json b/2019/3xxx/CVE-2019-3882.json
index 585fbc4e0f5..babda74cf05 100644
--- a/2019/3xxx/CVE-2019-3882.json
+++ b/2019/3xxx/CVE-2019-3882.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-3882",
- "ASSIGNER": "psampaio@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
@@ -68,4 +69,4 @@
 ]
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6579.json b/2019/6xxx/CVE-2019-6579.json
index 52723883c7f..abcd6f0accc 100644
--- a/2019/6xxx/CVE-2019-6579.json
+++ b/2019/6xxx/CVE-2019-6579.json
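Review bot: The description line rewritten in the second CVE-2019-3868.json hunk still reads "Keycloak up to version 6.0.0", which does not tell a reader whether 6.0.0 itself is affected, and the `version_data` entries that would settle it lie outside the hunks shown. Wording such as `Keycloak before 6.0.0` or `Keycloak through 6.0.0`, whichever the vendor confirms, would remove the ambiguity for anyone deciding whether a 6.0.0 deployment needs the fix. The only change the commit makes to this line is escaping the apostrophe as `\u2019`, so this would be a follow-up for the assigning CNA.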
@@ -44,6 +44,11 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "BID",
+ "name": "107830",
+ "url": "http://www.securityfocus.com/bid/107830"
+ },
 {
 "refsource": "MISC",
 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf",
@@ -55,7 +60,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability has been identified in Spectrum Power\u2122 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
+ "value": "A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
 }
 ]
 }