diff --git a/2010/2xxx/CVE-2010-2061.json b/2010/2xxx/CVE-2010-2061.json
index fe1ea4e64e6..885e098bb16 100644
--- a/2010/2xxx/CVE-2010-2061.json
+++ b/2010/2xxx/CVE-2010-2061.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-2061",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "rpcbind",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rpcbind",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
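Review bot: The added `version_data` entry in CVE-2010-2061.json gives only `"version_value": "0.2.0"` with no `version_affected`, so a consumer matching on this record cannot tell whether the entry means exactly 0.2.0 or 0.2.0 and earlier. The description on this record names only 0.2.0; if that is the intended scope, adding `"version_affected": "="` next to the value states it explicitly. The identical `affects` block added to CVE-2010-2064.json has the same gap.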
@@ -11,7 +34,48 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rpcbind 0.2.0 does not properly validate (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr, which can be created by an attacker before the daemon is started."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-2061",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-2061"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2061",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2061"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2010-2061",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2010-2061"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20100608 CVE Request -- rpcbind -- Insecure (predictable) temporary file use",
+ "url": "https://www.openwall.com/lists/oss-security/2010/06/08/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5",
+ "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5"
 }
 ]
 }
diff --git a/2010/2xxx/CVE-2010-2064.json b/2010/2xxx/CVE-2010-2064.json
index 3fe6eb5c8bc..f995847edd8 100644
--- a/2010/2xxx/CVE-2010-2064.json
+++ b/2010/2xxx/CVE-2010-2064.json
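Review bot: In CVE-2010-2061.json the new `problemtype` value is `"Other"`, which gives triage tooling nothing to classify on, while the sibling record CVE-2010-2064 changed in the same commit carries a descriptive value for the same two files. A short statement of the weakness would serve better, for example `"value": "Improper validation of files read from /tmp"` (wording to be confirmed by the assigner). The new description also does not say that the attacker is local or what pre-creating the files achieves, which a reader needs in order to tell this record apart from CVE-2010-2064.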
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2010-2064",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "rpcbind",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "rpcbind",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.2.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "rpcbind 0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /tmp/portmap.xdr and (2) /tmp/rpcbind.xdr."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure (predictable) temporary file use"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2010-2064",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2010-2064"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2064",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2064"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2010-2064",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2010-2064"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20100608 CVE Request -- rpcbind -- Insecure (predictable) temporary file use",
+ "url": "https://www.openwall.com/lists/oss-security/2010/06/08/3"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10747.json b/2019/10xxx/CVE-2019-10747.json
index ff673848cee..63fd4812dc7 100644
--- a/2019/10xxx/CVE-2019-10747.json
+++ b/2019/10xxx/CVE-2019-10747.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://snyk.io/vuln/SNYK-JS-SETVALUE-450213",
 "url": "https://snyk.io/vuln/SNYK-JS-SETVALUE-450213"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[drat-dev] 20191029 [GitHub] [drat] ottlinger opened a new issue #202: Fix security issue in set-value",
+ "url": "https://lists.apache.org/thread.html/b46f35559c4a97cf74d2dd7fe5a48f8abf2ff37f879083920af9b292@%3Cdev.drat.apache.org%3E"
 }
 ]
 },
diff --git a/2019/13xxx/CVE-2019-13116.json b/2019/13xxx/CVE-2019-13116.json
index 5785d9d8cdd..30393868167 100644
--- a/2019/13xxx/CVE-2019-13116.json
+++ b/2019/13xxx/CVE-2019-13116.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The MuleSoft Mule runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections."
+ "value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3689.json b/2019/3xxx/CVE-2019-3689.json
index 54217cc297a..46a7930cf06 100644
--- a/2019/3xxx/CVE-2019-3689.json
+++ b/2019/3xxx/CVE-2019-3689.json
@@ -98,6 +98,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20191019 [SECURITY] [DLA 1965-1] nfs-utils security update",
 "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00026.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2408",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html"
 }
 ]
 },
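Review bot: The rewritten `value` in CVE-2019-13116.json loses the closing period that the old text had; it should end `...related to Apache Commons Collections."`. The same edit narrows the affected product to the Community Edition, and the `affects` block of this record lies outside the hunk. It is worth confirming that its product name was narrowed to match, otherwise the description and the structured data disagree about which deployments are in scope.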
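Review bot: The SUSE reference added to CVE-2019-3689.json uses a plain `http://` URL, while the Debian list reference directly above it in the same array is `https://`. If the openSUSE list archive is reachable over TLS, prefer `"url": "https://lists.opensuse.org/opensuse-security-announce/2019-10/msg00071.html"` so that readers following the advisory link are not sent over an unauthenticated channel. The `reference_data` array begins outside the hunk.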