diff --git a/2019/14xxx/CVE-2019-14881.json b/2019/14xxx/CVE-2019-14881.json index e5aef616d4e..bf0c21cd39e 100644 --- a/2019/14xxx/CVE-2019-14881.json +++ b/2019/14xxx/CVE-2019-14881.json @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in moodle 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed." + "value": "A vulnerability was found in moodle 3.7 before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed." } ] }, diff --git a/2019/19xxx/CVE-2019-19821.json b/2019/19xxx/CVE-2019-19821.json index ab8821358b9..98ed1b22072 100644 --- a/2019/19xxx/CVE-2019-19821.json +++ b/2019/19xxx/CVE-2019-19821.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://www.pentagrid.ch/de/blog/security_issues_in_teampasswordmanager_and_combodo_itop/", "url": "https://www.pentagrid.ch/de/blog/security_issues_in_teampasswordmanager_and_combodo_itop/" + }, + { + "refsource": "MISC", + "name": "https://github.com/Combodo/iTop/security/advisories/GHSA-2gfp-2qvh-9796", + "url": "https://github.com/Combodo/iTop/security/advisories/GHSA-2gfp-2qvh-9796" } ] } diff --git a/2020/10xxx/CVE-2020-10199.json b/2020/10xxx/CVE-2020-10199.json index 20fbeaba6da..b7ff093a249 100644 --- a/2020/10xxx/CVE-2020-10199.json +++ b/2020/10xxx/CVE-2020-10199.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10199", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10199", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.sonatype.com/hc/en-us/articles/360044882533", + "url": "https://support.sonatype.com/hc/en-us/articles/360044882533" } ] } diff --git a/2020/10xxx/CVE-2020-10203.json b/2020/10xxx/CVE-2020-10203.json index 767d14217f3..fb19c5cd8ad 100644 --- a/2020/10xxx/CVE-2020-10203.json +++ b/2020/10xxx/CVE-2020-10203.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10203", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10203", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sonatype Nexus Repository before 3.21.2 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.sonatype.com/hc/en-us/articles/360044361594", + "url": "https://support.sonatype.com/hc/en-us/articles/360044361594" } ] } diff --git a/2020/10xxx/CVE-2020-10204.json b/2020/10xxx/CVE-2020-10204.json index d5afb85d718..be4e570eb61 100644 --- a/2020/10xxx/CVE-2020-10204.json +++ b/2020/10xxx/CVE-2020-10204.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10204", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10204", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.sonatype.com/hc/en-us/articles/360044882533", + "url": "https://support.sonatype.com/hc/en-us/articles/360044882533" } ] } diff --git a/2020/1xxx/CVE-2020-1943.json b/2020/1xxx/CVE-2020-1943.json index 0255b02a1e1..a8e1c031f9c 100644 --- a/2020/1xxx/CVE-2020-1943.json +++ b/2020/1xxx/CVE-2020-1943.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1943", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache OFBiz", + "version": { + "version_data": [ + { + "version_value": "Apache OFBiz 16.11.01 to 16.11.07" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://s.apache.org/pr5u8", + "url": "https://s.apache.org/pr5u8" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks, in Apache OFBiz 16.11.01 to 16.11.07" } ] } diff --git a/2020/1xxx/CVE-2020-1949.json b/2020/1xxx/CVE-2020-1949.json index 53f2054124d..4a13ed4e1a0 100644 --- a/2020/1xxx/CVE-2020-1949.json +++ b/2020/1xxx/CVE-2020-1949.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1949", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Apache Sling", + "version": { + "version_data": [ + { + "version_value": "Apache Sling CMS 0.14.0 and previous releases" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://s.apache.org/CVE-2020-1949", + "url": "https://s.apache.org/CVE-2020-1949" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks." } ] } diff --git a/2020/3xxx/CVE-2020-3847.json b/2020/3xxx/CVE-2020-3847.json index bc3ab61eafb..64372fd0c47 100644 --- a/2020/3xxx/CVE-2020-3847.json +++ b/2020/3xxx/CVE-2020-3847.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3847", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to leak memory" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT210919", + "refsource": "MISC", + "name": "https://support.apple.com/HT210919" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to leak memory." } ] } diff --git a/2020/3xxx/CVE-2020-3848.json b/2020/3xxx/CVE-2020-3848.json index ba0b2ba864c..5e22b5a48cf 100644 --- a/2020/3xxx/CVE-2020-3848.json +++ b/2020/3xxx/CVE-2020-3848.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3848", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT210919", + "refsource": "MISC", + "name": "https://support.apple.com/HT210919" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3849.json b/2020/3xxx/CVE-2020-3849.json index 98b448fdbba..e3fd0e92b48 100644 --- a/2020/3xxx/CVE-2020-3849.json +++ b/2020/3xxx/CVE-2020-3849.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3849", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT210919", + "refsource": "MISC", + "name": "https://support.apple.com/HT210919" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ] } diff --git a/2020/3xxx/CVE-2020-3850.json b/2020/3xxx/CVE-2020-3850.json index ad088cd2ee1..4a9a1a415f1 100644 --- a/2020/3xxx/CVE-2020-3850.json +++ b/2020/3xxx/CVE-2020-3850.json @@ -4,14 +4,59 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3850", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "product-security@apple.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apple", + "product": { + "product_data": [ + { + "product_name": "macOS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "macOS Catalina 10.15.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "A remote attacker may be able to cause unexpected application termination or arbitrary code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.apple.com/HT210919", + "refsource": "MISC", + "name": "https://support.apple.com/HT210919" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3. A remote attacker may be able to cause unexpected application termination or arbitrary code execution." } ] }