diff --git a/2007/6xxx/CVE-2007-6070.json b/2007/6xxx/CVE-2007-6070.json index 62936f29abc..a260ab20734 100644 --- a/2007/6xxx/CVE-2007-6070.json +++ b/2007/6xxx/CVE-2007-6070.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2007-6070", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-6070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/17xxx/CVE-2019-17634.json b/2019/17xxx/CVE-2019-17634.json index 2f7d7920e2b..5c00b6ee46c 100644 --- a/2019/17xxx/CVE-2019-17634.json +++ b/2019/17xxx/CVE-2019-17634.json @@ -40,7 +40,7 @@ "description_data": [ { "lang": "eng", - "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer. " + "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer." } ] }, @@ -65,4 +65,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17635.json b/2019/17xxx/CVE-2019-17635.json index 3191bb01ad0..61661f895ea 100644 --- a/2019/17xxx/CVE-2019-17635.json +++ b/2019/17xxx/CVE-2019-17635.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system. " + "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system." } ] }, @@ -59,4 +59,4 @@ } ] } -} +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19339.json b/2019/19xxx/CVE-2019-19339.json index 1ab199d73da..d1c9073d5b3 100644 --- a/2019/19xxx/CVE-2019-19339.json +++ b/2019/19xxx/CVE-2019-19339.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19339", - "ASSIGNER": "msiddiqu@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { @@ -54,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change." + "value": "It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change." } ] }, @@ -68,4 +69,4 @@ ] ] } -} +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20009.json b/2019/20xxx/CVE-2019-20009.json index ab71b458d1a..e819f473c48 100644 --- a/2019/20xxx/CVE-2019-20009.json +++ b/2019/20xxx/CVE-2019-20009.json @@ -66,6 +66,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20010.json b/2019/20xxx/CVE-2019-20010.json index 78d31cb3efc..44deb4afe62 100644 --- a/2019/20xxx/CVE-2019-20010.json +++ b/2019/20xxx/CVE-2019-20010.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20011.json b/2019/20xxx/CVE-2019-20011.json index a7317d04b02..1eeac942dcc 100644 --- a/2019/20xxx/CVE-2019-20011.json +++ b/2019/20xxx/CVE-2019-20011.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20012.json b/2019/20xxx/CVE-2019-20012.json index ebdbc17f463..f6c6d6a1846 100644 --- a/2019/20xxx/CVE-2019-20012.json +++ b/2019/20xxx/CVE-2019-20012.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20013.json b/2019/20xxx/CVE-2019-20013.json index cbde2703701..49d297010fb 100644 --- a/2019/20xxx/CVE-2019-20013.json +++ b/2019/20xxx/CVE-2019-20013.json @@ -66,6 +66,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20014.json b/2019/20xxx/CVE-2019-20014.json index 8aab4daddb7..17bf25e3839 100644 --- a/2019/20xxx/CVE-2019-20014.json +++ b/2019/20xxx/CVE-2019-20014.json @@ -66,6 +66,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/20xxx/CVE-2019-20015.json b/2019/20xxx/CVE-2019-20015.json index 71c967cef96..396608c2085 100644 --- a/2019/20xxx/CVE-2019-20015.json +++ b/2019/20xxx/CVE-2019-20015.json @@ -61,6 +61,11 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9770.json b/2019/9xxx/CVE-2019-9770.json index 2ef3dfbe018..97a9d854372 100644 --- a/2019/9xxx/CVE-2019-9770.json +++ b/2019/9xxx/CVE-2019-9770.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9771.json b/2019/9xxx/CVE-2019-9771.json index 83d115228be..fa8119ba0e0 100644 --- a/2019/9xxx/CVE-2019-9771.json +++ b/2019/9xxx/CVE-2019-9771.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9772.json b/2019/9xxx/CVE-2019-9772.json index d149d7b1b9e..ae82e4d292a 100644 --- a/2019/9xxx/CVE-2019-9772.json +++ b/2019/9xxx/CVE-2019-9772.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9773.json b/2019/9xxx/CVE-2019-9773.json index b6e23fabc95..0fce88e629c 100644 --- a/2019/9xxx/CVE-2019-9773.json +++ b/2019/9xxx/CVE-2019-9773.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9774.json b/2019/9xxx/CVE-2019-9774.json index 36b21a55c4b..de3e91154e6 100644 --- a/2019/9xxx/CVE-2019-9774.json +++ b/2019/9xxx/CVE-2019-9774.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9775.json b/2019/9xxx/CVE-2019-9775.json index 2cf68967d0c..eb690c43fa0 100644 --- a/2019/9xxx/CVE-2019-9775.json +++ b/2019/9xxx/CVE-2019-9775.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9776.json b/2019/9xxx/CVE-2019-9776.json index 2e1cbfe97e3..347d4bbda19 100644 --- a/2019/9xxx/CVE-2019-9776.json +++ b/2019/9xxx/CVE-2019-9776.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9777.json b/2019/9xxx/CVE-2019-9777.json index 2141fc4a5e9..e92c1c073a9 100644 --- a/2019/9xxx/CVE-2019-9777.json +++ b/2019/9xxx/CVE-2019-9777.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9778.json b/2019/9xxx/CVE-2019-9778.json index dbbe7dba11d..6ed99cc875a 100644 --- a/2019/9xxx/CVE-2019-9778.json +++ b/2019/9xxx/CVE-2019-9778.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2019/9xxx/CVE-2019-9779.json b/2019/9xxx/CVE-2019-9779.json index a34f682d59c..2099b340d1e 100644 --- a/2019/9xxx/CVE-2019-9779.json +++ b/2019/9xxx/CVE-2019-9779.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" } ] } diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index dd9d752255a..a86a3bbf880 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -66,6 +66,11 @@ "refsource": "BUGTRAQ", "name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock", "url": "https://seclists.org/bugtraq/2020/Jan/23" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html" } ] } diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index 36f83669b44..f7a148074ed 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -67,6 +67,11 @@ "refsource": "BUGTRAQ", "name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession", "url": "https://seclists.org/bugtraq/2020/Jan/22" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html" } ] } diff --git a/2020/5xxx/CVE-2020-5397.json b/2020/5xxx/CVE-2020-5397.json index e17a9ca855d..70e134db460 100644 --- a/2020/5xxx/CVE-2020-5397.json +++ b/2020/5xxx/CVE-2020-5397.json @@ -41,7 +41,7 @@ "description_data": [ { "lang": "eng", - "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints.\n\nOnly non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. \n\nNo HTTP body can be sent or received as a result of this attack." + "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack." } ] },