diff --git a/2015/2xxx/CVE-2015-2802.json b/2015/2xxx/CVE-2015-2802.json index 229527141ca..c595c78ee76 100644 --- a/2015/2xxx/CVE-2015-2802.json +++ b/2015/2xxx/CVE-2015-2802.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2802", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/75258", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/75258" + }, + { + "refsource": "CONFIRM", + "name": "http://marc.info/?l=bugtraq&m=143455780010289&w=2", + "url": "http://marc.info/?l=bugtraq&m=143455780010289&w=2" + }, + { + "refsource": "CONFIRM", + "name": "http://marc.info/?l=bugtraq&m=143629738517220&w=2", + "url": "http://marc.info/?l=bugtraq&m=143629738517220&w=2" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2015-2802", + "url": "https://packetstormsecurity.com/files/cve/CVE-2015-2802" + }, + { + "refsource": "MISC", + "name": "https://securitytracker.com/id/1032599", + "url": "https://securitytracker.com/id/1032599" } ] } diff --git a/2019/10xxx/CVE-2019-10786.json b/2019/10xxx/CVE-2019-10786.json index e132354e080..b48009db872 100644 --- a/2019/10xxx/CVE-2019-10786.json +++ b/2019/10xxx/CVE-2019-10786.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10786", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "network-manager", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-NETWORKMANAGER-544035", + "url": "https://snyk.io/vuln/SNYK-JS-NETWORKMANAGER-544035" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "network-manager through 1.0.2 allows remote attackers to execute arbitrary commands via the \"execSync()\" argument." } ] } diff --git a/2019/10xxx/CVE-2019-10787.json b/2019/10xxx/CVE-2019-10787.json index 2aec8a97446..929981b256f 100644 --- a/2019/10xxx/CVE-2019-10787.json +++ b/2019/10xxx/CVE-2019-10787.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10787", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "im-resize", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183", + "url": "https://snyk.io/vuln/SNYK-JS-IMRESIZE-544183" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03", + "url": "https://github.com/Turistforeningen/node-im-resize/commit/de624dacf6a50e39fe3472af1414d44937ce1f03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the \"exec\" argument. The cmd argument used within index.js, can be controlled by user without any sanitization." } ] } diff --git a/2019/10xxx/CVE-2019-10788.json b/2019/10xxx/CVE-2019-10788.json index 8cb54da868e..5c1c5c0dddd 100644 --- a/2019/10xxx/CVE-2019-10788.json +++ b/2019/10xxx/CVE-2019-10788.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "im-metadata", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184", + "url": "https://snyk.io/vuln/SNYK-JS-IMMETADATA-544184" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639", + "url": "https://github.com/Turistforeningen/node-im-metadata/commit/ea15dddbe0f65694bfde36b78dd488e90f246639" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "im-metadata through 3.0.1 allows remote attackers to execute arbitrary commands via the \"exec\" argument. It is possible to inject arbitrary commands as part of the metadata options which is given to the \"exec\" function." } ] } diff --git a/2019/12xxx/CVE-2019-12528.json b/2019/12xxx/CVE-2019-12528.json index c3bc21867f0..6621ecc677f 100644 --- a/2019/12xxx/CVE-2019-12528.json +++ b/2019/12xxx/CVE-2019-12528.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12528", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12528", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Squid before 4.10. It allows a crafted FTP server to trigger disclosure of sensitive information from heap memory, such as information associated with other users' sessions or non-Squid processes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt", + "url": "http://www.squid-cache.org/Advisories/SQUID-2020_2.txt" } ] }