diff --git a/2018/12xxx/CVE-2018-12152.json b/2018/12xxx/CVE-2018-12152.json index 61aeda48612..733e8fc65a1 100644 --- a/2018/12xxx/CVE-2018-12152.json +++ b/2018/12xxx/CVE-2018-12152.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html" }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210634", + "url": "https://support.apple.com/kb/HT210634" + }, { "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT210722", diff --git a/2018/12xxx/CVE-2018-12153.json b/2018/12xxx/CVE-2018-12153.json index 9ece3846e57..57740a69028 100644 --- a/2018/12xxx/CVE-2018-12153.json +++ b/2018/12xxx/CVE-2018-12153.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html" }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210634", + "url": "https://support.apple.com/kb/HT210634" + }, { "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT210722", diff --git a/2018/12xxx/CVE-2018-12154.json b/2018/12xxx/CVE-2018-12154.json index 7f4b10bc268..c085274665b 100644 --- a/2018/12xxx/CVE-2018-12154.json +++ b/2018/12xxx/CVE-2018-12154.json @@ -63,6 +63,11 @@ "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00166.html" }, + { + "refsource": "CONFIRM", + "name": "https://support.apple.com/kb/HT210634", + "url": "https://support.apple.com/kb/HT210634" + }, { "refsource": "CONFIRM", "name": "https://support.apple.com/kb/HT210722", diff --git a/2018/5xxx/CVE-2018-5735.json b/2018/5xxx/CVE-2018-5735.json index 616797da1dd..2c6d32cf8dc 100644 --- a/2018/5xxx/CVE-2018-5735.json +++ b/2018/5xxx/CVE-2018-5735.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1\n\nNo ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected." + "value": "The Debian backport of the fix for CVE-2017-3137 leads to assertion failure in validator.c:1858; Affects Debian versions 9.9.5.dfsg-9+deb8u15; 9.9.5.dfsg-9+deb8u18; 9.10.3.dfsg.P4-12.3+deb9u5; 9.11.5.P4+dfsg-5.1 No ISC releases are affected. Other packages from other distributions who did similar backports for the fix for 2017-3137 may also be affected." } ] }, @@ -84,4 +84,4 @@ "source": { "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2018/5xxx/CVE-2018-5742.json b/2018/5xxx/CVE-2018-5742.json index d4ea1dede02..276841ad412 100644 --- a/2018/5xxx/CVE-2018-5742.json +++ b/2018/5xxx/CVE-2018-5742.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7.\n\nNo ISC releases are affected. Other packages from other distributions who made the same error may also be affected." + "value": "While backporting a feature for a newer branch of BIND9, RedHat introduced a path leading to an assertion failure in buffer.c:420. Affects RedHat versions bind-9.9.4-65.el7 -> bind-9.9.4-72.el7. No ISC releases are affected. Other packages from other distributions who made the same error may also be affected." } ] }, @@ -84,4 +84,4 @@ "source": { "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7619.json b/2019/7xxx/CVE-2019-7619.json index f90d50cdf69..12b1d5e7056 100644 --- a/2019/7xxx/CVE-2019-7619.json +++ b/2019/7xxx/CVE-2019-7619.json @@ -1,66 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "bressers@elastic.co", - "ID": "CVE-2019-7619", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Elastic", - "product": { - "product_data": [ - { - "product_name": "Elasticsearch", - "version": { - "version_data": [ - { - "version_value": "7.0.0, 7.0.1, 7.1.0, 7.1.1, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 6.7.0, 6.7.1, 6.7.2, 6.8.0, 6.8.1, 6.8.2, 6.8.3" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2019-7619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Elasticsearch", + "version": { + "version_data": [ + { + "version_value": "7.0.0, 7.0.1, 7.1.0, 7.1.1, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 6.7.0, 6.7.1, 6.7.2, 6.8.0, 6.8.1, 6.8.2, 6.8.3" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200: Information Exposure" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Information Exposure" + } + ] + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908" - }, - { - "url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831" - }, - { - "url": "https://www.elastic.co/community/security" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm." - } - ] - } -} + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.elastic.co/community/security", + "url": "https://www.elastic.co/community/security" + }, + { + "refsource": "CONFIRM", + "name": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908", + "url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908" + }, + { + "refsource": "CONFIRM", + "name": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831", + "url": "https://discuss.elastic.co/t/elastic-stack-7-4-0-security-update/201831" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elasticsearch versions 7.0.0-7.3.2 and 6.7.0-6.8.3 contain a username disclosure flaw was found in the API Key service. An unauthenticated attacker could send a specially crafted request and determine if a username exists in the Elasticsearch native realm." + } + ] + } +} \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7620.json b/2019/7xxx/CVE-2019-7620.json index b8bbbe50a49..06d29a3e21c 100644 --- a/2019/7xxx/CVE-2019-7620.json +++ b/2019/7xxx/CVE-2019-7620.json @@ -1,66 +1,72 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ASSIGNER": "bressers@elastic.co", - "ID": "CVE-2019-7620", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Elastic", - "product": { - "product_data": [ - { - "product_name": "Logstash", - "version": { - "version_data": [ - { - "version_value": "before 7.4.1 and 6.8.4" + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2019-7620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Elastic", + "product": { + "product_data": [ + { + "product_name": "Logstash", + "version": { + "version_data": [ + { + "version_value": "before 7.4.1 and 6.8.4" + } + ] + } + } + ] } - ] } - } ] - } } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-400: Uncontrolled Resource Consumption" - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400: Uncontrolled Resource Consumption" + } + ] + } ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909" - }, - { - "url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908" - }, - { - "url": "https://www.elastic.co/community/security" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding." - } - ] - } -} + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.elastic.co/community/security", + "url": "https://www.elastic.co/community/security" + }, + { + "refsource": "CONFIRM", + "name": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908", + "url": "https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908" + }, + { + "refsource": "CONFIRM", + "name": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909", + "url": "https://discuss.elastic.co/t/elastic-stack-7-4-1-security-update/204909" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding." + } + ] + } +} \ No newline at end of file