diff --git a/2015/0xxx/CVE-2015-0797.json b/2015/0xxx/CVE-2015-0797.json index b56e9c40743..c64bb486e7a 100644 --- a/2015/0xxx/CVE-2015-0797.json +++ b/2015/0xxx/CVE-2015-0797.json @@ -116,6 +116,11 @@ "name": "DSA-3225", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3225" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html" } ] } diff --git a/2016/9xxx/CVE-2016-9809.json b/2016/9xxx/CVE-2016-9809.json index d927daeaec4..12fbe79ca8c 100644 --- a/2016/9xxx/CVE-2016-9809.json +++ b/2016/9xxx/CVE-2016-9809.json @@ -96,6 +96,11 @@ "name": "[oss-security] 20161201 gstreamer multiple issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/01/2" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html" } ] } diff --git a/2017/5xxx/CVE-2017-5843.json b/2017/5xxx/CVE-2017-5843.json index 78bd7cf5c26..cb54ea5e769 100644 --- a/2017/5xxx/CVE-2017-5843.json +++ b/2017/5xxx/CVE-2017-5843.json @@ -91,6 +91,11 @@ "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html" } ] } diff --git a/2017/5xxx/CVE-2017-5848.json b/2017/5xxx/CVE-2017-5848.json index b62d08ef689..1d56cc4835a 100644 --- a/2017/5xxx/CVE-2017-5848.json +++ b/2017/5xxx/CVE-2017-5848.json @@ -86,6 +86,11 @@ "name": "[oss-security] 20170201 Multiple memory access issues in gstreamer", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/02/01/7" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00038.html" } ] } diff --git a/2017/6xxx/CVE-2017-6960.json b/2017/6xxx/CVE-2017-6960.json index edf25ee0049..44701459bd1 100644 --- a/2017/6xxx/CVE-2017-6960.json +++ b/2017/6xxx/CVE-2017-6960.json @@ -56,6 +56,11 @@ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854367", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854367" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200331 [SECURITY] [DLA 2165-1] apng2gif security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00039.html" } ] } diff --git a/2020/7xxx/CVE-2020-7009.json b/2020/7xxx/CVE-2020-7009.json index d5d24c0fb7e..8e2c3fdcadc 100644 --- a/2020/7xxx/CVE-2020-7009.json +++ b/2020/7xxx/CVE-2020-7009.json @@ -3,61 +3,65 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ASSIGNER": "bressers@elastic.co", + "ASSIGNER": "security@elastic.co", "ID": "CVE-2020-7009", "STATE": "PUBLIC" }, "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Elastic", - "product": { - "product_data": [ + "vendor": { + "vendor_data": [ { - "product_name": "Elasticsearch", - "version": { - "version_data": [ - { - "version_value": "All versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1" - } - ] - } + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Elasticsearch", + "version": { + "version_data": [ + { + "version_value": "All versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1" + } + ] + } + } + ] + } } - ] - } - } - ] - } + ] + } }, "problemtype": { - "problemtype_data": [ - { - "description": [ + "problemtype_data": [ { - "lang": "eng", - "value": "CWE-266: Incorrect Privilege Assignment" + "description": [ + { + "lang": "eng", + "value": "CWE-266: Incorrect Privilege Assignment" + } + ] } - ] - } - ] + ] }, "references": { - "reference_data": [ - { - "url": "https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920" - }, - { - "url": "https://www.elastic.co/community/security/" - } - ] + "reference_data": [ + { + "url": "https://www.elastic.co/community/security/", + "refsource": "MISC", + "name": "https://www.elastic.co/community/security/" + }, + { + "url": "https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920", + "refsource": "MISC", + "name": "https://discuss.elastic.co/t/elastic-stack-6-8-8-and-7-6-2-security-update/225920" + } + ] }, "description": { - "description_data": [ - { - "lang": "eng", - "value": "Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges." - } - ] + "description_data": [ + { + "lang": "eng", + "value": "Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges." + } + ] } -} +} \ No newline at end of file