From e9552f4785fdf1b8661cc5730522c4d4b26837c5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 16 Oct 2019 12:01:11 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/4xxx/CVE-2016-4977.json | 5 +++
 2018/11xxx/CVE-2018-11396.json | 5 +++
 2018/20xxx/CVE-2018-20856.json | 5 +++
 2019/10xxx/CVE-2019-10126.json | 5 +++
 2019/16xxx/CVE-2019-16709.json | 5 +++
 2019/17xxx/CVE-2019-17113.json | 5 +++
 2019/17xxx/CVE-2019-17625.json | 62 +++++++++++++++++++++++++++++++
 2019/17xxx/CVE-2019-17626.json | 67 ++++++++++++++++++++++++++++++++++
 2019/17xxx/CVE-2019-17627.json | 62 +++++++++++++++++++++++++++++++
 2019/3xxx/CVE-2019-3846.json | 5 +++
 2019/9xxx/CVE-2019-9506.json | 5 +++
 11 files changed, 231 insertions(+)
 create mode 100644 2019/17xxx/CVE-2019-17625.json
 create mode 100644 2019/17xxx/CVE-2019-17626.json
 create mode 100644 2019/17xxx/CVE-2019-17627.json
diff --git a/2016/4xxx/CVE-2016-4977.json b/2016/4xxx/CVE-2016-4977.json
index 49b639c80fe..536a0abdd1a 100644
--- a/2016/4xxx/CVE-2016-4977.json
+++ b/2016/4xxx/CVE-2016-4977.json
@@ -69,6 +69,11 @@
 "refsource": "MLIST",
 "name": "[fineract-dev] 20191016 Re: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0",
 "url": "https://lists.apache.org/thread.html/0841d849c23418c473ccb9183cbf41a317cb0476e44be48022ce3488@%3Cdev.fineract.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20191015 Fwd: [CVE-2016-4977] Apache Fineract remote code execution vulnerabilities fixed in v1.3.0",
+ "url": "http://www.openwall.com/lists/oss-security/2019/10/16/1"
 }
 ]
 }
diff --git a/2018/11xxx/CVE-2018-11396.json b/2018/11xxx/CVE-2018-11396.json
index 94aa42efbee..3f92b9f8f57 100644
--- a/2018/11xxx/CVE-2018-11396.json
+++ b/2018/11xxx/CVE-2018-11396.json
@@ -56,6 +56,11 @@
 "name": "https://bugzilla.gnome.org/show_bug.cgi?id=795740",
 "refsource": "CONFIRM",
 "url": "https://bugzilla.gnome.org/show_bug.cgi?id=795740"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2318",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00043.html"
 }
 ]
 }
diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json
index a48efa6eda5..407752d8a1d 100644
--- a/2018/20xxx/CVE-2018-20856.json
+++ b/2018/20xxx/CVE-2018-20856.json
@@ -131,6 +131,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3055",
 "url": "https://access.redhat.com/errata/RHSA-2019:3055"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3089",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3089"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10126.json b/2019/10xxx/CVE-2019-10126.json
index 1766d32d461..2f34bb6fa74 100644
--- a/2019/10xxx/CVE-2019-10126.json
+++ b/2019/10xxx/CVE-2019-10126.json
@@ -148,6 +148,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2019:3055",
 "url": "https://access.redhat.com/errata/RHSA-2019:3055"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2019:3089",
+ "url": "https://access.redhat.com/errata/RHSA-2019:3089"
 }
 ]
 },
diff --git a/2019/16xxx/CVE-2019-16709.json b/2019/16xxx/CVE-2019-16709.json
index 4041757d70c..65008276980 100644
--- a/2019/16xxx/CVE-2019-16709.json
+++ b/2019/16xxx/CVE-2019-16709.json
@@ -56,6 +56,11 @@
 "url": "https://github.com/ImageMagick/ImageMagick/issues/1531",
 "refsource": "MISC",
 "name": "https://github.com/ImageMagick/ImageMagick/issues/1531"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2317",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00045.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17113.json b/2019/17xxx/CVE-2019-17113.json
index aa084ae618a..d8b1a64bbaa 100644
--- a/2019/17xxx/CVE-2019-17113.json
+++ b/2019/17xxx/CVE-2019-17113.json
@@ -76,6 +76,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:2306",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00035.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2319",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00044.html"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17625.json b/2019/17xxx/CVE-2019-17625.json
new file mode 100644
index 00000000000..616a84860ee
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17625.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17625",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "There is a stored XSS in Rambox 0.6.9 that can lead to code execution. The XSS is in the name field while adding/editing a service. The problem occurs due to incorrect sanitization of the name field when being processed and stored. This allows a user to craft a payload for Node.js and Electron, such as an exec of OS commands within the onerror attribute of an IMG element."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/ramboxapp/community-edition/issues/2418",
+ "refsource": "MISC",
+ "name": "https://github.com/ramboxapp/community-edition/issues/2418"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json
new file mode 100644
index 00000000000..d755081bd0d
--- /dev/null
+++ b/2019/17xxx/CVE-2019-17626.json
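Review bot: In the new 2019/17xxx/CVE-2019-17625.json, the structured fields are all left at `"n/a"` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value), although the description names the product, the version and the weakness class. Tooling that matches on the `affects` block rather than the free text will therefore not associate this record with Rambox installs. If the description is accurate, the record could carry `"product_name": "Rambox"`, `"version_value": "0.6.9"` and a problemtype such as `"value": "CWE-79"`. Whether releases other than 0.6.9 are affected is not stated in the record and should be confirmed against the referenced issue before a range is entered. The file also ends without a trailing newline (`\ No newline at end of file`); if these records are produced by a tool, that is best fixed there.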
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-17626",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ReportLab through 3.5.26 allows remote code execution because of toColor(eval(arg)) in colors.py, as demonstrated by a crafted XML document with '