diff --git a/2015/3xxx/CVE-2015-3956.json b/2015/3xxx/CVE-2015-3956.json index 2d9f69de48d..fbc0f7a7881 100644 --- a/2015/3xxx/CVE-2015-3956.json +++ b/2015/3xxx/CVE-2015-3956.json @@ -1,17 +1,81 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-3956", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-3956", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Hospira", + "product": { + "product_data": [ + { + "product_name": "Plum A+ Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.4" + } + ] + } + }, + { + "product_name": "Plum A+3 Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 13.6" + } + ] + } + }, + { + "product_name": "Symbiq Infusion System", + "version": { + "version_data": [ + { + "version_value": "<= 3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient verification of data authenticity CWE-345" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-161-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices on the host network. Hospira recommends that customers close Port 20/FTP and Port 23/TELNET on the affected devices. Hospira has also released the Plum 360 Infusion System which is not vulnerable to this issue." } ] } diff --git a/2017/7xxx/CVE-2017-7510.json b/2017/7xxx/CVE-2017-7510.json index 2acee06a364..a1ccb640ad9 100644 --- a/2017/7xxx/CVE-2017-7510.json +++ b/2017/7xxx/CVE-2017-7510.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2017-7510", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -58,4 +59,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16838.json b/2018/16xxx/CVE-2018-16838.json index ee94829826a..ed38819992e 100644 --- a/2018/16xxx/CVE-2018-16838.json +++ b/2018/16xxx/CVE-2018-16838.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-16838", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2018/16xxx/CVE-2018-16858.json b/2018/16xxx/CVE-2018-16858.json index 58a718df00b..a10dba6a3b5 100644 --- a/2018/16xxx/CVE-2018-16858.json +++ b/2018/16xxx/CVE-2018-16858.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2018-16858", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -47,7 +48,9 @@ "references": { "reference_data": [ { - "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/" + "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/", + "refsource": "MISC", + "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858", @@ -74,4 +77,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5511.json b/2018/5xxx/CVE-2018-5511.json index 7733df2dd70..1913f42a25c 100644 --- a/2018/5xxx/CVE-2018-5511.json +++ b/2018/5xxx/CVE-2018-5511.json @@ -65,6 +65,11 @@ "refsource": "EXPLOIT-DB", "name": "46600", "url": "https://www.exploit-db.com/exploits/46600/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/152213/VMware-Host-VMX-Process-Impersonation-Hijack-Privilege-Escalation.html" } ] } diff --git a/2019/10xxx/CVE-2019-10038.json b/2019/10xxx/CVE-2019-10038.json new file mode 100644 index 00000000000..042701d2668 --- /dev/null +++ b/2019/10xxx/CVE-2019-10038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10039.json b/2019/10xxx/CVE-2019-10039.json new file mode 100644 index 00000000000..ab497a48d17 --- /dev/null +++ b/2019/10xxx/CVE-2019-10039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10040.json b/2019/10xxx/CVE-2019-10040.json new file mode 100644 index 00000000000..3fc64eeda76 --- /dev/null +++ b/2019/10xxx/CVE-2019-10040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10041.json b/2019/10xxx/CVE-2019-10041.json new file mode 100644 index 00000000000..f7655b4a1d6 --- /dev/null +++ b/2019/10xxx/CVE-2019-10041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10042.json b/2019/10xxx/CVE-2019-10042.json new file mode 100644 index 00000000000..c4c4e70536d --- /dev/null +++ b/2019/10xxx/CVE-2019-10042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-10042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3808.json b/2019/3xxx/CVE-2019-3808.json index 1bba6371c52..3b9ad382259 100644 --- a/2019/3xxx/CVE-2019-3808.json +++ b/2019/3xxx/CVE-2019-3808.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3808", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -57,12 +58,12 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808", "refsource": "CONFIRM" }, - { + { "url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765", "name": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765", "refsource": "CONFIRM" }, - { + { "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395", "refsource": "CONFIRM" @@ -87,4 +88,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3809.json b/2019/3xxx/CVE-2019-3809.json index 90d9f284b5f..7c064d82296 100644 --- a/2019/3xxx/CVE-2019-3809.json +++ b/2019/3xxx/CVE-2019-3809.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3809", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -48,12 +49,12 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809", "refsource": "CONFIRM" }, - { + { "url": "https://moodle.org/mod/forum/discuss.php?d=381229#p1536766", "name": "https://moodle.org/mod/forum/discuss.php?d=381229#p1536766", "refsource": "CONFIRM" }, - { + { "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222", "refsource": "CONFIRM" @@ -78,4 +79,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3810.json b/2019/3xxx/CVE-2019-3810.json index 05622874b49..e8d2940503b 100644 --- a/2019/3xxx/CVE-2019-3810.json +++ b/2019/3xxx/CVE-2019-3810.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3810", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -57,12 +58,12 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810", "refsource": "CONFIRM" }, - { + { "url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", "name": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", "refsource": "CONFIRM" }, - { + { "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", "refsource": "CONFIRM" @@ -87,4 +88,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3827.json b/2019/3xxx/CVE-2019-3827.json index 0e925e21766..95ec83c1b8c 100644 --- a/2019/3xxx/CVE-2019-3827.json +++ b/2019/3xxx/CVE-2019-3827.json @@ -4,7 +4,7 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3827", - "ASSIGNER": "lpardo@redhat.com", + "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, "affects": { @@ -49,11 +49,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827", "refsource": "CONFIRM" }, - { - "url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31", + { + "url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31", "name": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31", "refsource": "CONFIRM" - } + } ] }, "description": { @@ -74,4 +74,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3831.json b/2019/3xxx/CVE-2019-3831.json index f1f18b8c23b..b41ac626a51 100644 --- a/2019/3xxx/CVE-2019-3831.json +++ b/2019/3xxx/CVE-2019-3831.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3831", - "ASSIGNER": "lpardo@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2019/3xxx/CVE-2019-3841.json b/2019/3xxx/CVE-2019-3841.json index 367dd3c32b6..fb2cd94717b 100644 --- a/2019/3xxx/CVE-2019-3841.json +++ b/2019/3xxx/CVE-2019-3841.json @@ -1,18 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3841", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3841", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Kubevirt project", + "product": { + "product_data": [ + { + "product_name": "kubevirt/virt-cdi-importer", + "version": { + "version_data": [ + { + "version_value": "from 1.4.0 to 1.5.3 inclusive" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/kubevirt/containerized-data-importer/issues/678", + "refsource": "MISC", + "name": "https://github.com/kubevirt/containerized-data-importer/issues/678" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3841", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3841", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Kubevirt/virt-cdi-importer, versions 1.4.0 to 1.5.3 inclusive, were reported to disable TLS certificate validation when importing data into PVCs from container registries. This could enable man-in-the-middle attacks between a container registry and the virt-cdi-component, leading to possible undetected tampering of trusted container image content." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3855.json b/2019/3xxx/CVE-2019-3855.json index e362ed56d40..401cc4aa845 100644 --- a/2019/3xxx/CVE-2019-3855.json +++ b/2019/3xxx/CVE-2019-3855.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" } ] }, diff --git a/2019/3xxx/CVE-2019-3858.json b/2019/3xxx/CVE-2019-3858.json index 1be833fa439..bb5a0393fb6 100644 --- a/2019/3xxx/CVE-2019-3858.json +++ b/2019/3xxx/CVE-2019-3858.json @@ -78,6 +78,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" } ] }, diff --git a/2019/3xxx/CVE-2019-3859.json b/2019/3xxx/CVE-2019-3859.json index 3f3d2526855..45d9dcec442 100644 --- a/2019/3xxx/CVE-2019-3859.json +++ b/2019/3xxx/CVE-2019-3859.json @@ -78,6 +78,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" } ] }, diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json index fd4ffcd625d..1c1cf332fd6 100644 --- a/2019/3xxx/CVE-2019-3862.json +++ b/2019/3xxx/CVE-2019-3862.json @@ -78,6 +78,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-f31c14682f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCWEA5ZCLKRDUK62QVVYMFWLWKOPX3LO/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767", + "url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767" } ] }, diff --git a/2019/3xxx/CVE-2019-3863.json b/2019/3xxx/CVE-2019-3863.json index 52dbecd71f0..4753f2b7e7a 100644 --- a/2019/3xxx/CVE-2019-3863.json +++ b/2019/3xxx/CVE-2019-3863.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-3863", - "ASSIGNER": "psampaio@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -57,7 +58,9 @@ "refsource": "CONFIRM" }, { - "url": "https://www.libssh2.org/CVE-2019-3863.html" + "url": "https://www.libssh2.org/CVE-2019-3863.html", + "refsource": "MISC", + "name": "https://www.libssh2.org/CVE-2019-3863.html" } ] }, @@ -79,4 +82,4 @@ ] ] } -} +} \ No newline at end of file