"-Synchronized-Data."

2017/10xxx/CVE-2017-10204.json

@@ -72,6 +72,11 @@
                 "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
                 "refsource": "CONFIRM",
                 "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html",
+                "url": "http://packetstormsecurity.com/files/152617/VirtualBox-COM-RPC-Interface-Code-Injection-Privilege-Escalation.html"
             }
         ]
     }

2018/20xxx/CVE-2018-20250.json

@@ -77,6 +77,11 @@
                 "name": "https://www.win-rar.com/whatsnew.html",
                 "refsource": "MISC",
                 "url": "https://www.win-rar.com/whatsnew.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html",
+                "url": "http://packetstormsecurity.com/files/152618/RARLAB-WinRAR-ACE-Format-Input-Validation-Remote-Code-Execution.html"
             }
         ]
     }

2019/11xxx/CVE-2019-11223.json

@@ -61,6 +61,11 @@
                 "refsource": "MISC",
                 "name": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/",
                 "url": "https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/",
+                "url": "https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/"
             }
         ]
     }

2019/11xxx/CVE-2019-11234.json

@@ -76,6 +76,11 @@
                 "refsource": "CONFIRM",
                 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783",
                 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695783"
+            },
+            {
+                "refsource": "UBUNTU",
+                "name": "USN-3954-1",
+                "url": "https://usn.ubuntu.com/3954-1/"
             }
         ]
     }

2019/11xxx/CVE-2019-11235.json

@@ -76,6 +76,11 @@
                 "refsource": "CONFIRM",
                 "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748",
                 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695748"
+            },
+            {
+                "refsource": "UBUNTU",
+                "name": "USN-3954-1",
+                "url": "https://usn.ubuntu.com/3954-1/"
             }
         ]
     }

2019/11xxx/CVE-2019-11446.json

@@ -57,11 +57,6 @@
                 "name": "46691",
                 "url": "https://www.exploit-db.com/exploits/46691/"
             },
-            {
-                "url": "https://www.exploit-db.com/exploits/46691",
-                "refsource": "MISC",
-                "name": "https://www.exploit-db.com/exploits/46691"
-            },
             {
                 "url": "http://pentest.com.tr/exploits/ATutor-2-2-4-file-manager-Remote-Code-Execution-Injection-Metasploit.html",
                 "refsource": "MISC",

2019/2xxx/CVE-2019-2721.json

@@ -61,6 +61,11 @@
                 "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                 "refsource": "MISC",
                 "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
+            },
+            {
+                "refsource": "EXPLOIT-DB",
+                "name": "46747",
+                "url": "https://www.exploit-db.com/exploits/46747/"
             }
         ]
     }

2019/3xxx/CVE-2019-3719.json

@@ -83,11 +83,6 @@
                 "refsource": "MISC",
                 "url": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en",
                 "name": "https://www.dell.com/support/article/us/en/19/sln316857/dsa-2019-051-dell-supportassist-client-multiple-vulnerabilities?lang=en"
-            },
-            {
-                "refsource": "BID",
-                "name": "108020",
-                "url": "http://www.securityfocus.com/bid/108020"
             }
         ]
     },

2019/3xxx/CVE-2019-3786.json

@@ -3,7 +3,7 @@
     "data_format": "MITRE",
     "data_version": "4.0",
     "CVE_data_meta": {
-    "ASSIGNER": "secure@dell.com",
+        "ASSIGNER": "security_alert@emc.com",
         "DATE_PUBLIC": "2019-04-08T00:00:00.000Z",
         "ID": "CVE-2019-3786",
         "STATE": "PUBLIC",

2019/3xxx/CVE-2019-3789.json

@@ -3,7 +3,7 @@
     "data_format": "MITRE",
     "data_version": "4.0",
     "CVE_data_meta": {
-    "ASSIGNER": "secure@dell.com",
+        "ASSIGNER": "security_alert@emc.com",
         "DATE_PUBLIC": "2019-04-16T00:00:00.000Z",
         "ID": "CVE-2019-3789",
         "STATE": "PUBLIC",

2019/3xxx/CVE-2019-3793.json

@@ -3,7 +3,7 @@
     "data_format": "MITRE",
     "data_version": "4.0",
     "CVE_data_meta": {
-    "ASSIGNER": "secure@dell.com",
+        "ASSIGNER": "security_alert@emc.com",
         "DATE_PUBLIC": "2019-04-16T15:45:27.000Z",
         "ID": "CVE-2019-3793",
         "STATE": "PUBLIC",

2019/3xxx/CVE-2019-3868.json

@@ -4,7 +4,8 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2019-3868",
-        "ASSIGNER": "lpardo@redhat.com"
+        "ASSIGNER": "secalert@redhat.com",
+        "STATE": "PUBLIC"
     },
     "affects": {
         "vendor": {
@@ -54,7 +55,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user’s browser session."
+                "value": "Keycloak up to version 6.0.0 allows the end user token (access or id token JWT) to be used as the session cookie for browser sessions for OIDC. As a result an attacker with access to service provider backend could hijack user\u2019s browser session."
             }
         ]
     },

2019/3xxx/CVE-2019-3882.json

@@ -4,7 +4,8 @@
     "data_version": "4.0",
     "CVE_data_meta": {
         "ID": "CVE-2019-3882",
-        "ASSIGNER": "psampaio@redhat.com"
+        "ASSIGNER": "secalert@redhat.com",
+        "STATE": "PUBLIC"
     },
     "affects": {
         "vendor": {

2019/6xxx/CVE-2019-6579.json

@@ -44,6 +44,11 @@
     },
     "references": {
         "reference_data": [
+            {
+                "refsource": "BID",
+                "name": "107830",
+                "url": "http://www.securityfocus.com/bid/107830"
+            },
             {
                 "refsource": "MISC",
                 "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf",
@@ -55,7 +60,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "A vulnerability has been identified in Spectrum Power\u2122 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
+                "value": "A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known."
             }
         ]
     }