"-Synchronized-Data."

2025-05-07 19:17:10 +00:00 · 2019-07-24 16:00:50 +00:00 · 2019-07-24 16:00:50 +00:00 · f62fd514b2
commit f62fd514b2
parent 612845045f
5 changed files with 64 additions and 10 deletions
--- a/2019/0xxx/CVE-2019-0053.json
+++ b/2019/0xxx/CVE-2019-0053.json
@ -147,6 +147,11 @@
                "refsource": "FREEBSD",
                "name": "FreeBSD-SA-19:12",
                "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:12.telnet.asc"
+            },
+            {
+                "refsource": "BUGTRAQ",
+                "name": "20190724 FreeBSD Security Advisory FreeBSD-SA-19:12.telnet",
+                "url": "https://seclists.org/bugtraq/2019/Jul/45"
            }
        ]
    },
--- a/2019/11xxx/CVE-2019-11990.json
+++ b/2019/11xxx/CVE-2019-11990.json
@ -45,7 +45,7 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "MISC",
+                "refsource": "CONFIRM",
                "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us",
                "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03937en_us"
            }
@ -55,7 +55,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A security vulnerability in HPE IceWall SSO Agent Option and IceWall MFA (Agent module ) could be exploited remotely to cause a denial of service. The versions and platforms of Agent Option modules that are impacted are as follows: 10.0 for Apache 2.2 on RHEL 5 and 6, 10.0 for Apache 2.4 on RHEL 7, 10.0 for Apache 2.4 on HP-UX 11i v3, 10.0 for IIS on Windows, 11.0 for Apache 2.4 on RHEL 7, MFA Proxy 4.0 (Agent module only) for Apache 2.4 on RHEL 7."
+                "value": "Security vulnerabilities in HPE UIoT versions 1.6, 1.5, 1.4.2, 1.4.1, 1.4.0, and 1.2.4.2 could allow unauthorized remote access and access to sensitive data."
            }
        ]
    }
--- a/2019/12xxx/CVE-2019-12439.json
+++ b/2019/12xxx/CVE-2019-12439.json
@ -81,6 +81,11 @@
                "refsource": "SUSE",
                "name": "openSUSE-SU-2019:1721",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00015.html"
+            },
+            {
+                "refsource": "REDHAT",
+                "name": "RHSA-2019:1833",
+                "url": "https://access.redhat.com/errata/RHSA-2019:1833"
            }
        ]
    },
--- a/2019/13xxx/CVE-2019-13615.json
+++ b/2019/13xxx/CVE-2019-13615.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp."
+                "value": "VideoLAN VLC media player 3.0.7.1 has a heap-based buffer over-read in mkv::demux_sys_t::FreeUnused() in modules/demux/mkv/demux.cpp when called from mkv::Open in modules/demux/mkv/mkv.cpp. NOTE: It has been reported that the vulnerability originates in libebml before 1.3.6 and was fixed in the 3.0.3 binary version of VLC."
            }
        ]
    },
--- a/2019/3xxx/CVE-2019-3485.json
+++ b/2019/3xxx/CVE-2019-3485.json
@ -1,17 +1,61 @@
 {
-    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
-        "ID": "CVE-2019-3485",
-        "STATE": "RESERVED"
-    },
-    "data_format": "MITRE",
    "data_type": "CVE",
+    "data_format": "MITRE",
    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2019-3485",
+        "ASSIGNER": "security@suse.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "ArcSight Logger",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Prior to 6.7.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Stored Cross Site Script (XSS)"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011",
+                "url": "https://community.microfocus.com/t5/Logger/Logger-Release-Notes-6-71/ta-p/1790256?attachment-id=75011"
+            }
+        ]
+    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1"
            }
        ]
    }