diff --git a/2017/8xxx/CVE-2017-8759.json b/2017/8xxx/CVE-2017-8759.json index c5f37e6b2a8..0f42be61314 100644 --- a/2017/8xxx/CVE-2017-8759.json +++ b/2017/8xxx/CVE-2017-8759.json @@ -82,6 +82,11 @@ "name": "1039324", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039324" + }, + { + "refsource": "MISC", + "name": "https://github.com/GitHubAssessments/CVE_Assessments_01_2020", + "url": "https://github.com/GitHubAssessments/CVE_Assessments_01_2020" } ] } diff --git a/2019/14xxx/CVE-2019-14615.json b/2019/14xxx/CVE-2019-14615.json index 5f6a0d1ae67..a300885fc4c 100644 --- a/2019/14xxx/CVE-2019-14615.json +++ b/2019/14xxx/CVE-2019-14615.json @@ -98,6 +98,11 @@ "refsource": "UBUNTU", "name": "USN-4287-1", "url": "https://usn.ubuntu.com/4287-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] }, diff --git a/2019/15xxx/CVE-2019-15217.json b/2019/15xxx/CVE-2019-15217.json index 9e101f255a3..5d2be9836d6 100644 --- a/2019/15xxx/CVE-2019-15217.json +++ b/2019/15xxx/CVE-2019-15217.json @@ -116,6 +116,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/15xxx/CVE-2019-15220.json b/2019/15xxx/CVE-2019-15220.json index 04209efad9a..849ee5226c7 100644 --- a/2019/15xxx/CVE-2019-15220.json +++ b/2019/15xxx/CVE-2019-15220.json @@ -116,6 +116,11 @@ "refsource": "UBUNTU", "name": "USN-4147-1", "url": "https://usn.ubuntu.com/4147-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/15xxx/CVE-2019-15221.json b/2019/15xxx/CVE-2019-15221.json index 838c537875b..5d9207718ba 100644 --- a/2019/15xxx/CVE-2019-15221.json +++ b/2019/15xxx/CVE-2019-15221.json @@ -116,6 +116,11 @@ "refsource": "UBUNTU", "name": "USN-4147-1", "url": "https://usn.ubuntu.com/4147-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/17xxx/CVE-2019-17351.json b/2019/17xxx/CVE-2019-17351.json index 8c5ff4e54ef..496dc8630a7 100644 --- a/2019/17xxx/CVE-2019-17351.json +++ b/2019/17xxx/CVE-2019-17351.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191031-0005/", "url": "https://security.netapp.com/advisory/ntap-20191031-0005/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19051.json b/2019/19xxx/CVE-2019-19051.json index 18eef3ffc6f..c4dba4a905e 100644 --- a/2019/19xxx/CVE-2019-19051.json +++ b/2019/19xxx/CVE-2019-19051.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4225-2", "url": "https://usn.ubuntu.com/4225-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19056.json b/2019/19xxx/CVE-2019-19056.json index 4d4618235d6..878390ca2bc 100644 --- a/2019/19xxx/CVE-2019-19056.json +++ b/2019/19xxx/CVE-2019-19056.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19066.json b/2019/19xxx/CVE-2019-19066.json index 3a80a3b7c3d..9c853b144cc 100644 --- a/2019/19xxx/CVE-2019-19066.json +++ b/2019/19xxx/CVE-2019-19066.json @@ -76,6 +76,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19068.json b/2019/19xxx/CVE-2019-19068.json index 7247733f5d1..ef732c4fc66 100644 --- a/2019/19xxx/CVE-2019-19068.json +++ b/2019/19xxx/CVE-2019-19068.json @@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2675", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19965.json b/2019/19xxx/CVE-2019-19965.json index 902911db13a..3ac8fa03382 100644 --- a/2019/19xxx/CVE-2019-19965.json +++ b/2019/19xxx/CVE-2019-19965.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4287-1", "url": "https://usn.ubuntu.com/4287-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19986.json b/2019/19xxx/CVE-2019-19986.json index 4940781c2a2..cc9dbcda979 100644 --- a/2019/19xxx/CVE-2019-19986.json +++ b/2019/19xxx/CVE-2019-19986.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19986", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19986", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. An attacker without authentication is able to execute arbitrary SQL SELECT statements by injecting the HTTP (POST or GET) parameter persoid into /tools/VamPersonPhoto.php. The SQL Injection type is Error-based (this means that relies on error messages thrown by the database server to obtain information about the structure of the database)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19987.json b/2019/19xxx/CVE-2019-19987.json index 4aaeb65f195..f197dc2cfc2 100644 --- a/2019/19xxx/CVE-2019-19987.json +++ b/2019/19xxx/CVE-2019-19987.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19987", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19987", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19988.json b/2019/19xxx/CVE-2019-19988.json index 0b5efed098a..ff7b01f4a63 100644 --- a/2019/19xxx/CVE-2019-19988.json +++ b/2019/19xxx/CVE-2019-19988.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19988", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19988", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vam_editXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the file name to be created, the destination path, or the extension. Thus, an attacker can manipulate the file name to create any type of file within the filesystem with arbitrary content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19989.json b/2019/19xxx/CVE-2019-19989.json index 1e03eeae356..ca743fd1f15 100644 --- a/2019/19xxx/CVE-2019-19989.json +++ b/2019/19xxx/CVE-2019-19989.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19989", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19989", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19990.json b/2019/19xxx/CVE-2019-19990.json index 7aa1b175cb2..c52bd388926 100644 --- a/2019/19xxx/CVE-2019-19990.json +++ b/2019/19xxx/CVE-2019-19990.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19990", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19990", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Stored Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/s_headmodel.php and /vam/vam_user.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19991.json b/2019/19xxx/CVE-2019-19991.json index 75b9627b32b..7d6e90d79ec 100644 --- a/2019/19xxx/CVE-2019-19991.json +++ b/2019/19xxx/CVE-2019-19991.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19991", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19991", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Multiple Reflected Cross-site scripting (XSS) vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vam_anagraphic.php, /vam/vam_vamuser.php, /common/vamp_main.php, and /wiz/change_password.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19992.json b/2019/19xxx/CVE-2019-19992.json index 79242a94f8b..42f28283265 100644 --- a/2019/19xxx/CVE-2019-19992.json +++ b/2019/19xxx/CVE-2019-19992.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19992", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19992", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vam_editXml.php doesn't check the parameter that identifies the file name to be read. Thus, an attacker can manipulate the file name to access a potentially sensitive file within the filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19993.json b/2019/19xxx/CVE-2019-19993.json index c33466978cf..96df044b912 100644 --- a/2019/19xxx/CVE-2019-19993.json +++ b/2019/19xxx/CVE-2019-19993.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19993", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19993", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/19xxx/CVE-2019-19994.json b/2019/19xxx/CVE-2019-19994.json index b9b3064b172..091dc44c27b 100644 --- a/2019/19xxx/CVE-2019-19994.json +++ b/2019/19xxx/CVE-2019-19994.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19994", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19994", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vam_monitor_sap.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html", + "url": "https://www.telecomitalia.com/tit/it/innovazione/cybersecurity/red-team.html" + }, + { + "url": "https://www.seling.it/", + "refsource": "MISC", + "name": "https://www.seling.it/" + }, + { + "url": "https://www.seling.it/product/vam/", + "refsource": "MISC", + "name": "https://www.seling.it/product/vam/" } ] } diff --git a/2019/20xxx/CVE-2019-20096.json b/2019/20xxx/CVE-2019-20096.json index aed238b2851..8bf3b688e8c 100644 --- a/2019/20xxx/CVE-2019-20096.json +++ b/2019/20xxx/CVE-2019-20096.json @@ -76,6 +76,11 @@ "refsource": "UBUNTU", "name": "USN-4287-1", "url": "https://usn.ubuntu.com/4287-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] } diff --git a/2019/4xxx/CVE-2019-4537.json b/2019/4xxx/CVE-2019-4537.json index 6ae1205c949..097acb53d68 100644 --- a/2019/4xxx/CVE-2019-4537.json +++ b/2019/4xxx/CVE-2019-4537.json @@ -1,90 +1,90 @@ { - "data_type" : "CVE", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Obtain Information" - } - ] - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "U", - "RC" : "C", - "RL" : "O" - }, - "BM" : { - "AV" : "N", - "S" : "U", - "SCORE" : "5.300", - "AC" : "L", - "A" : "N", - "UI" : "N", - "PR" : "N", - "I" : "N", - "C" : "L" - } - } - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593." - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "WebSphere Service Registry and Repository", - "version" : { - "version_data" : [ - { - "version_value" : "8.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] } - ] - } - }, - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/3436359", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/3436359", - "title" : "IBM Security Bulletin 3436359 (WebSphere Service Registry and Repository)" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/165593", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-websphere-cve20194537-info-disc (165593)" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4537", - "DATE_PUBLIC" : "2020-02-25T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_version" : "4.0" -} + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "TM": { + "E": "U", + "RC": "C", + "RL": "O" + }, + "BM": { + "AV": "N", + "S": "U", + "SCORE": "5.300", + "AC": "L", + "A": "N", + "UI": "N", + "PR": "N", + "I": "N", + "C": "L" + } + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system. IBM X-Force ID: 165593." + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebSphere Service Registry and Repository", + "version": { + "version_data": [ + { + "version_value": "8.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.ibm.com/support/pages/node/3436359", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/3436359", + "title": "IBM Security Bulletin 3436359 (WebSphere Service Registry and Repository)" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/165593", + "title": "X-Force Vulnerability Report", + "name": "ibm-websphere-cve20194537-info-disc (165593)" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4537", + "DATE_PUBLIC": "2020-02-25T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_version": "4.0" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4596.json b/2019/4xxx/CVE-2019-4596.json index 8057efca1f2..b1148005bbb 100644 --- a/2019/4xxx/CVE-2019-4596.json +++ b/2019/4xxx/CVE-2019-4596.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2020-02-25T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2019-4596" - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/3144369", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 3144369 (Sterling B2B Integrator)", - "name" : "https://www.ibm.com/support/pages/node/3144369" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167879", - "refsource" : "XF", - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve20194596-xss (167879)" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "DATE_PUBLIC": "2020-02-25T00:00:00", + "STATE": "PUBLIC", + "ID": "CVE-2019-4596" + }, + "data_version": "4.0", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - } + "url": "https://www.ibm.com/support/pages/node/3144369", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 3144369 (Sterling B2B Integrator)", + "name": "https://www.ibm.com/support/pages/node/3144369" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167879", + "refsource": "XF", + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve20194596-xss (167879)" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Cross-Site Scripting", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + } + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879." - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "E" : "H", - "RL" : "O", - "RC" : "C" - }, - "BM" : { - "UI" : "R", - "A" : "N", - "C" : "L", - "PR" : "L", - "I" : "L", - "AV" : "N", - "S" : "C", - "SCORE" : "5.400", - "AC" : "L" - } - } - }, - "data_format" : "MITRE", - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Cross-Site Scripting", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 167879." + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "E": "H", + "RL": "O", + "RC": "C" + }, + "BM": { + "UI": "R", + "A": "N", + "C": "L", + "PR": "L", + "I": "L", + "AV": "N", + "S": "C", + "SCORE": "5.400", + "AC": "L" + } + } + }, + "data_format": "MITRE", + "data_type": "CVE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4597.json b/2019/4xxx/CVE-2019-4597.json index b9d5d19ff36..14c4a8dbe38 100644 --- a/2019/4xxx/CVE-2019-4597.json +++ b/2019/4xxx/CVE-2019-4597.json @@ -1,93 +1,93 @@ { - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-02-25T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2019-4597" - }, - "data_version" : "4.0", - "references" : { - "reference_data" : [ - { - "url" : "https://www.ibm.com/support/pages/node/3145401", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/3145401", - "title" : "IBM Security Bulletin 3145401 (Sterling B2B Integrator)" - }, - { - "title" : "X-Force Vulnerability Report", - "name" : "ibm-sterling-cve20194597-sql-injection (167880)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167880" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "CVE_data_meta": { + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-25T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4597" + }, + "data_version": "4.0", + "references": { + "reference_data": [ { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - } + "url": "https://www.ibm.com/support/pages/node/3145401", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/3145401", + "title": "IBM Security Bulletin 3145401 (Sterling B2B Integrator)" + }, + { + "title": "X-Force Vulnerability Report", + "name": "ibm-sterling-cve20194597-sql-injection (167880)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167880" } - ] - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Data Manipulation", - "lang" : "eng" - } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + } + } ] - } - ] - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880.", - "lang" : "eng" - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "AC" : "L", - "SCORE" : "6.300", - "S" : "U", - "AV" : "N", - "I" : "L", - "PR" : "L", - "C" : "L", - "A" : "L", - "UI" : "N" - } - } - }, - "data_format" : "MITRE", - "data_type" : "CVE" -} + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Data Manipulation", + "lang": "eng" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167880.", + "lang": "eng" + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "AC": "L", + "SCORE": "6.300", + "S": "U", + "AV": "N", + "I": "L", + "PR": "L", + "C": "L", + "A": "L", + "UI": "N" + } + } + }, + "data_format": "MITRE", + "data_type": "CVE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4598.json b/2019/4xxx/CVE-2019-4598.json index 82fdf76e033..a40481ba79b 100644 --- a/2019/4xxx/CVE-2019-4598.json +++ b/2019/4xxx/CVE-2019-4598.json @@ -1,93 +1,93 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2019-4598", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-02-25T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "product_name" : "Sterling B2B Integrator", - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - } - ] - } - } - ] - } - } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/3145065", - "title" : "IBM Security Bulletin 3145065 (Sterling B2B Integrator)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/3145065" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167881", - "refsource" : "XF", - "name" : "ibm-sterling-cve20194598-sql-injection (167881)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "SCORE" : "6.300", - "S" : "U", - "AV" : "N", - "C" : "L", - "I" : "L", - "PR" : "L", - "UI" : "N", - "A" : "L" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Data Manipulation", - "lang" : "eng" - } + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-4598", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-25T00:00:00", + "ASSIGNER": "psirt@us.ibm.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "Sterling B2B Integrator", + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + } + ] + } + } + ] + } + } ] - } - ] - }, - "data_type" : "CVE" -} + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/3145065", + "title": "IBM Security Bulletin 3145065 (Sterling B2B Integrator)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/3145065" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167881", + "refsource": "XF", + "name": "ibm-sterling-cve20194598-sql-injection (167881)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "SCORE": "6.300", + "S": "U", + "AV": "N", + "C": "L", + "I": "L", + "PR": "L", + "UI": "N", + "A": "L" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" + } + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 167881.", + "lang": "eng" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Data Manipulation", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE" +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4726.json b/2019/4xxx/CVE-2019-4726.json index 84b39a1bb37..3a5ad4583fc 100644 --- a/2019/4xxx/CVE-2019-4726.json +++ b/2019/4xxx/CVE-2019-4726.json @@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "AC" : "L", - "SCORE" : "4.300", - "S" : "U", - "AV" : "N", - "I" : "L", - "PR" : "N", - "C" : "N", - "A" : "N", - "UI" : "R" - }, - "TM" : { - "E" : "U", - "RL" : "O", - "RC" : "C" - } - } - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-02-25T00:00:00", - "ID" : "CVE-2019-4726" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "5.2.0.0" - }, - { - "version_value" : "5.2.6.5" - } - ] - }, - "product_name" : "Sterling B2B Integrator" - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "AC": "L", + "SCORE": "4.300", + "S": "U", + "AV": "N", + "I": "L", + "PR": "N", + "C": "N", + "A": "N", + "UI": "R" + }, + "TM": { + "E": "U", + "RL": "O", + "RC": "C" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/3145833", - "title" : "IBM Security Bulletin 3145833 (Sterling B2B Integrator)", - "refsource" : "CONFIRM", - "url" : "https://www.ibm.com/support/pages/node/3145833" - }, - { - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/172363", - "name" : "ibm-sterling-cve20194726-csrf (172363)", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + } + }, + "data_format": "MITRE", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 172363." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] + } + ] + }, + "data_type": "CVE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-25T00:00:00", + "ID": "CVE-2019-4726" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "5.2.0.0" + }, + { + "version_value": "5.2.6.5" + } + ] + }, + "product_name": "Sterling B2B Integrator" + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/3145833", + "title": "IBM Security Bulletin 3145833 (Sterling B2B Integrator)", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/3145833" + }, + { + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172363", + "name": "ibm-sterling-cve20194726-csrf (172363)", + "title": "X-Force Vulnerability Report" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5108.json b/2019/5xxx/CVE-2019-5108.json index 391f7424f6f..5f9a2572307 100644 --- a/2019/5xxx/CVE-2019-5108.json +++ b/2019/5xxx/CVE-2019-5108.json @@ -73,6 +73,11 @@ "refsource": "UBUNTU", "name": "USN-4287-1", "url": "https://usn.ubuntu.com/4287-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4286-2", + "url": "https://usn.ubuntu.com/4286-2/" } ] }, diff --git a/2020/8xxx/CVE-2020-8951.json b/2020/8xxx/CVE-2020-8951.json index b8859f5a19f..c205f90a2a2 100644 --- a/2020/8xxx/CVE-2020-8951.json +++ b/2020/8xxx/CVE-2020-8951.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8951", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8951", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8951", + "url": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8951" } ] } diff --git a/2020/8xxx/CVE-2020-8952.json b/2020/8xxx/CVE-2020-8952.json index 0fb882b2e60..8d4cc1d135f 100644 --- a/2020/8xxx/CVE-2020-8952.json +++ b/2020/8xxx/CVE-2020-8952.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-8952", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-8952", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp timeOut parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8952", + "url": "https://github.com/eSecure-CVEs/CVEs/blob/master/CVE-2020-8952" } ] } diff --git a/2020/9xxx/CVE-2020-9274.json b/2020/9xxx/CVE-2020-9274.json index 185769f8e8c..8e42e88af1a 100644 --- a/2020/9xxx/CVE-2020-9274.json +++ b/2020/9xxx/CVE-2020-9274.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9274", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9274", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa", + "refsource": "MISC", + "name": "https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa" + }, + { + "url": "https://www.pureftpd.org/project/pure-ftpd/news/", + "refsource": "MISC", + "name": "https://www.pureftpd.org/project/pure-ftpd/news/" } ] }