diff --git a/2018/5xxx/CVE-2018-5950.json b/2018/5xxx/CVE-2018-5950.json index 03ef66528cc..f91bd21110b 100644 --- a/2018/5xxx/CVE-2018-5950.json +++ b/2018/5xxx/CVE-2018-5950.json @@ -91,6 +91,11 @@ "name": "[debian-lts-announce] 20180209 [SECURITY] [DLA 1272-1] mailman security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00007.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/159761/Mailman-2.1.23-Cross-Site-Scripting.html" } ] } diff --git a/2020/14xxx/CVE-2020-14882.json b/2020/14xxx/CVE-2020-14882.json index 0ac78c260c1..495199dd693 100644 --- a/2020/14xxx/CVE-2020-14882.json +++ b/2020/14xxx/CVE-2020-14882.json @@ -80,6 +80,11 @@ "url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "name": "https://www.oracle.com/security-alerts/cpuoct2020.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/159769/Oracle-WebLogic-Server-Remote-Code-Execution.html" } ] } diff --git a/2020/25xxx/CVE-2020-25780.json b/2020/25xxx/CVE-2020-25780.json index 930292ddc2e..7b9c988df37 100644 --- a/2020/25xxx/CVE-2020-25780.json +++ b/2020/25xxx/CVE-2020-25780.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-25780", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-25780", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://kb.commvault.com/article/63264", + "refsource": "MISC", + "name": "http://kb.commvault.com/article/63264" } ] } diff --git a/2020/27xxx/CVE-2020-27744.json b/2020/27xxx/CVE-2020-27744.json index c8e0bf9d234..2839215893f 100644 --- a/2020/27xxx/CVE-2020-27744.json +++ b/2020/27xxx/CVE-2020-27744.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-27744", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-27744", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114", + "refsource": "MISC", + "name": "https://www.westerndigital.com/support/productsecurity/wdc-20007-my-cloud-firmware-version-5-04-114" } ] } diff --git a/2020/27xxx/CVE-2020-27995.json b/2020/27xxx/CVE-2020-27995.json new file mode 100644 index 00000000000..9ce973b84fe --- /dev/null +++ b/2020/27xxx/CVE-2020-27995.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-27995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com/products/applications_manager/issues.html#v14560", + "refsource": "MISC", + "name": "https://www.manageengine.com/products/applications_manager/issues.html#v14560" + } + ] + } +} \ No newline at end of file