diff --git a/2012/0xxx/CVE-2012-0063.json b/2012/0xxx/CVE-2012-0063.json
index 8d4362736d7..3a9a647db81 100644
--- a/2012/0xxx/CVE-2012-0063.json
+++ b/2012/0xxx/CVE-2012-0063.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2012-0063",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "tucan",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "tucan",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "through 0.3.10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
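Review bot: The added `"version_value": "through 0.3.10"` in the `affects` block of CVE-2012-0063.json puts the range operator inside a free-text string, so a consumer that compares versions from the structured field cannot evaluate it. The 4.0 record format has a `version_affected` comparator for this (worth confirming against the schema this repository validates with); I would write `"version_affected": "<=", "version_value": "0.3.10"` so the structured data expresses the same range as the description. The record continues past this hunk; the description itself is in the next one.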
@@ -11,7 +34,43 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure plugin update mechanism in tucan through 0.3.10 could allow remote attackers to perform man-in-the-middle attacks and execute arbitrary code ith the permissions of the user running tucan."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "insecure plugin update mechanism"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20120118 Re: CVE request: tucan insecure plugin update mechanism",
+ "url": "http://www.openwall.com/lists/oss-security/2012/01/19/5"
+ },
+ {
+ "url": "https://security-tracker.debian.org/tracker/CVE-2012-0063",
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2012-0063"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0063",
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-0063"
+ },
+ {
+ "url": "https://access.redhat.com/security/cve/cve-2012-0063",
+ "refsource": "MISC",
+ "name": "https://access.redhat.com/security/cve/cve-2012-0063"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3551.json b/2013/3xxx/CVE-2013-3551.json
index a84b84ab7ff..370af0e6a39 100644
--- a/2013/3xxx/CVE-2013-3551.json
+++ b/2013/3xxx/CVE-2013-3551.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-3551",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
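Review bot: The new description `value` for CVE-2012-0063 contains a typo: `execute arbitrary code ith the permissions` should read `execute arbitrary code with the permissions`. This string is what downstream feeds and advisories copy verbatim, so it is worth fixing at the source. Separately, the MLIST reference is titled `20120118` while its URL path is `2012/01/19/5`; that may only be a time-zone difference in the archive, but it deserves a quick check. The enclosing `description` object opens above the hunk.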
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.20, 3.1.x before 3.1.16, and 3.2.x before 3.2.7, and OTRS ITSM 3.0.x before 3.0.8, 3.1.x before 3.1.9, and 3.2.x before 3.2.5 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://advisories.mageia.org/MGASA-2013-0196.html",
+ "url": "http://advisories.mageia.org/MGASA-2013-0196.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551",
+ "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-3551"
 }
 ]
 }
diff --git a/2013/4xxx/CVE-2013-4088.json b/2013/4xxx/CVE-2013-4088.json
index 34b1698fa3c..c0a8419a733 100644
--- a/2013/4xxx/CVE-2013-4088.json
+++ b/2013/4xxx/CVE-2013-4088.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2013-4088",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
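Review bot: In CVE-2013-3551.json the added `affects` block sets `vendor_name`, `product_name` and `version_value` to `n/a`, and `problemtype` is `n/a` as well, although the description added in the same hunk names the product (OTRS and OTRS ITSM) and the fixed versions. Anything that matches on the structured fields rather than parsing the prose, such as inventory correlation or scanner feeds, will not associate this record with an OTRS installation. The same placeholders are added for CVE-2013-4088, CVE-2019-19865, CVE-2019-19866, CVE-2020-6841 and CVE-2020-6842 later in this diff. If the placeholders are what the publishing pipeline emits by design, consumers have to rely on the description or on downstream enrichment; otherwise I would populate vendor, product and version from the description text.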
@@ -11,7 +11,66 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Kernel/Modules/AgentTicketWatcher.pm in Open Ticket Request System (OTRS) 3.0.x before 3.0.21, 3.1.x before 3.1.17, and 3.2.x before 3.2.8 does not properly restrict tickets, which allows remote attackers with a valid agent login to read restricted tickets via a crafted URL involving the ticket split mechanism."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0015.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://advisories.mageia.org/MGASA-2013-0196.html",
+ "url": "http://advisories.mageia.org/MGASA-2013-0196.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/60688/discuss",
+ "url": "https://www.securityfocus.com/bid/60688/discuss"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088",
+ "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4088"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19865.json b/2019/19xxx/CVE-2019-19865.json
index 9bac19d41a7..0896b1d52f3 100644
--- a/2019/19xxx/CVE-2019-19865.json
+++ b/2019/19xxx/CVE-2019-19865.json
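Review bot: The CVE-2013-4088 description names `Kernel/Modules/AgentTicketWatcher.pm` but ends with `via a crafted URL involving the ticket split mechanism`, which is word for word the ending of the CVE-2013-3551 description for `AgentTicketPhone.pm` earlier in this diff. That looks like a carry-over from the other record; given the module name I would expect the watch mechanism here, but it should be confirmed against the vendor advisory before the text is changed. Both records also cite `MGASA-2013-0196`, so the description is the only thing that lets a reader triaging them tell the two issues apart. The enclosing `description` object opens above the hunk.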
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19865",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19865",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Atos Unify OpenScape UC Web Client 1.0 allows XSS. An attacker could exploit this by convincing an authenticated user to inject arbitrary JavaScript code in the Profile Name field. A browser would execute this stored XSS payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://unify.com/en/support/security-advisories",
+ "url": "https://unify.com/en/support/security-advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://networks.unify.com/security/advisories/OBSO-2002-01.pdf",
+ "url": "https://networks.unify.com/security/advisories/OBSO-2002-01.pdf"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19866.json b/2019/19xxx/CVE-2019-19866.json
index 5d7f049b1d7..4f590d531cc 100644
--- a/2019/19xxx/CVE-2019-19866.json
+++ b/2019/19xxx/CVE-2019-19866.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19866",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19866",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information. By iterating the value of conferenceId to getMailFunction in the JSON API, one can enumerate all conferences scheduled on the platform, with their numbers and access PINs."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://unify.com/en/support/security-advisories",
+ "url": "https://unify.com/en/support/security-advisories"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://networks.unify.com/security/advisories/OBSO-2002-01.pdf",
+ "url": "https://networks.unify.com/security/advisories/OBSO-2002-01.pdf"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6841.json b/2020/6xxx/CVE-2020-6841.json
index 499dd373f26..2a82795d508 100644
--- a/2020/6xxx/CVE-2020-6841.json
+++ b/2020/6xxx/CVE-2020-6841.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6841",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6841",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152",
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/jezzaaa/38c752d0a129576b2cc523ce6325050f",
+ "url": "https://gist.github.com/jezzaaa/38c752d0a129576b2cc523ce6325050f"
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6842.json b/2020/6xxx/CVE-2020-6842.json
index e7d654cd5bd..1bd7f60d8e0 100644
--- a/2020/6xxx/CVE-2020-6842.json
+++ b/2020/6xxx/CVE-2020-6842.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-6842",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-6842",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152",
+ "url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10152"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/jezzaaa/9d704400a7e23f988dfb4f73658678b8",
+ "url": "https://gist.github.com/jezzaaa/9d704400a7e23f988dfb4f73658678b8"
 }
 ]
 }