From ee4b37ceec397be3a6e81c5250cf30b7cd96ddfb Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 15 May 2019 19:00:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/10xxx/CVE-2019-10640.json | 66 ++++++++++++++++++++++++++++++----
 2019/11xxx/CVE-2019-11884.json | 5 +++
 2019/1xxx/CVE-2019-1735.json | 4 +--
 2019/1xxx/CVE-2019-1767.json | 4 +--
 2019/3xxx/CVE-2019-3724.json | 5 +++
 2019/5xxx/CVE-2019-5021.json | 5 +++
 6 files changed, 79 insertions(+), 10 deletions(-)
diff --git a/2019/10xxx/CVE-2019-10640.json b/2019/10xxx/CVE-2019-10640.json
index da5af9fe1f0..56c2f66c639 100644
--- a/2019/10xxx/CVE-2019-10640.json
+++ b/2019/10xxx/CVE-2019-10640.json
@@ -1,17 +1,71 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-10640",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-10640",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://about.gitlab.com/blog/categories/releases/",
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/blog/categories/releases/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/",
+ "url": "https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49665",
+ "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/49665"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11884.json b/2019/11xxx/CVE-2019-11884.json
index 62963096335..e0aa9190f63 100644
--- a/2019/11xxx/CVE-2019-11884.json
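Review bot: The published record for CVE-2019-10640 leaves `affects` and `problemtype` as `n/a` although the new description names the product, the fixed versions and the weakness, so tooling that matches on structured fields cannot tie this entry to GitLab and has to parse the free text. I would fill them from the description, for example `"vendor_name": "GitLab"` and a problemtype value such as `"CWE-400: Uncontrolled Resource Consumption"`. The first reference, `https://about.gitlab.com/blog/categories/releases/`, is a category listing rather than the advisory and could be dropped in favour of the 11.9.4 security-release post that follows it. The three new reference objects also order their keys differently (`url` first in one, `refsource` first in the others), which is harmless to parsers, but a single order keeps later diffs small.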
+++ b/2019/11xxx/CVE-2019-11884.json
@@ -76,6 +76,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-640f8d8dd1",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LAYXGGJUUYPOMCBZGGDCUZFLUU3JOZG5/"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-e6bf55e821",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PF2PDXUGOFEOTPVEACKFIHQB6O4XUIZD/"
 }
 ]
 }
diff --git a/2019/1xxx/CVE-2019-1735.json b/2019/1xxx/CVE-2019-1735.json
index b303f8302a3..4d51157308a 100644
--- a/2019/1xxx/CVE-2019-1735.json
+++ b/2019/1xxx/CVE-2019-1735.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability. "
+ "value": "A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerability is due to insufficient validation of arguments passed to certain CLI commands. An attacker could exploit this vulnerability by including malicious input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker would need valid user credentials to exploit this vulnerability."
 }
 ]
 },
@@ -91,4 +91,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/1xxx/CVE-2019-1767.json b/2019/1xxx/CVE-2019-1767.json
index 0bc1d4605be..137f5809412 100644
--- a/2019/1xxx/CVE-2019-1767.json
+++ b/2019/1xxx/CVE-2019-1767.json
@@ -37,7 +37,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple vulnerabilities in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerabilities are due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit these vulnerabilities by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities. "
+ "value": "Multiple vulnerabilities in the implementation of a specific CLI command for Cisco NX-OS Software could allow an authenticated, local attacker with administrator credentials to cause a buffer overflow condition or perform command injection. This could allow the attacker to execute arbitrary commands with elevated privileges on the underlying operating system of an affected device. The vulnerabilities are due to insufficient validation of arguments passed to a certain CLI command. An attacker could exploit these vulnerabilities by including malicious input as the argument of the affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. An attacker would need valid administrator credentials to exploit these vulnerabilities."
 }
 ]
 },
@@ -87,4 +87,4 @@
 ],
 "discovery": "INTERNAL"
 }
-}
+}
\ No newline at end of file
diff --git a/2019/3xxx/CVE-2019-3724.json b/2019/3xxx/CVE-2019-3724.json
index 271c1d6a2e0..ec326ecd4dd 100644
--- a/2019/3xxx/CVE-2019-3724.json
+++ b/2019/3xxx/CVE-2019-3724.json
@@ -102,6 +102,11 @@
 "name": "https://community.rsa.com/docs/DOC-104202",
 "refsource": "CONFIRM",
 "url": "https://community.rsa.com/docs/DOC-104202"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152943/RSA-NetWitness-Authorization-Bypass.html",
+ "url": "http://packetstormsecurity.com/files/152943/RSA-NetWitness-Authorization-Bypass.html"
 }
 ]
 },
diff --git a/2019/5xxx/CVE-2019-5021.json b/2019/5xxx/CVE-2019-5021.json
index a594c694908..69edead620c 100644
--- a/2019/5xxx/CVE-2019-5021.json
+++ b/2019/5xxx/CVE-2019-5021.json
@@ -58,6 +58,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20190510-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20190510-0001/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html",
+ "url": "https://alpinelinux.org/posts/Docker-image-vulnerability-CVE-2019-5021.html"
 }
 ]
 },
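Review bot: In the CVE-2019-3724.json hunk the added Packet Storm reference is recorded with an `http://` URL, while every other reference visible in this patch uses `https://`. Anyone following the link from a feed or advisory page makes a cleartext request whose response can be altered in transit. If the site serves the same path over TLS (it appears to), I would record `"url": "https://packetstormsecurity.com/files/152943/RSA-NetWitness-Authorization-Bypass.html"` and the matching `name`.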