diff --git a/2018/6xxx/CVE-2018-6414.json b/2018/6xxx/CVE-2018-6414.json
index 5433a35b02b..1c1020c6b0c 100644
--- a/2018/6xxx/CVE-2018-6414.json
+++ b/2018/6xxx/CVE-2018-6414.json
@@ -53,9 +53,9 @@
 "references": {
 "reference_data": [
 {
- "name": "http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397",
 "refsource": "CONFIRM",
- "url": "http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397"
+ "name": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--buffer-overflow-vulnerability-in-some-hik/",
+ "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification--buffer-overflow-vulnerability-in-some-hik/"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13933.json b/2020/13xxx/CVE-2020-13933.json
index 8fcb8eddd0b..ea544237fd6 100644
--- a/2020/13xxx/CVE-2020-13933.json
+++ b/2020/13xxx/CVE-2020-13933.json
@@ -58,6 +58,11 @@
 "refsource": "MLIST",
 "name": "[geode-dev] 20200901 Re: Proposal to bring GEODE-8456 (shiro upgrade) to support branches",
 "url": "https://lists.apache.org/thread.html/r9ea6d8560d6354d41433ad006069904f0ed083527aa348b5999261a7@%3Cdev.geode.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[shiro-dev] 20200924 Request for assistance to backport CVE-2020-13933 fix",
+ "url": "https://lists.apache.org/thread.html/r6ea0224c1971a91dc6ade1f22508119a9c3bd56cef656f0c44bbfabb@%3Cdev.shiro.apache.org%3E"
 }
 ]
 },
diff --git a/2020/15xxx/CVE-2020-15850.json b/2020/15xxx/CVE-2020-15850.json
index cb5531defc7..878dd6d63e1 100644
--- a/2020/15xxx/CVE-2020-15850.json
+++ b/2020/15xxx/CVE-2020-15850.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15850",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15850",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities",
+ "url": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15851.json b/2020/15xxx/CVE-2020-15851.json
index 1a59d305633..1b062ff2892 100644
--- a/2020/15xxx/CVE-2020-15851.json
+++ b/2020/15xxx/CVE-2020-15851.json
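Review bot: In the CVE-2020-15850 hunk the added `affects` block sets `vendor_name`, `product_name` and `version_value` to `"n/a"`, and `problemtype` is also `"n/a"`, although the new description names the vendor, the product and version 9.4.0.r43656. Tooling that matches on the structured fields rather than on free text will therefore not tie this record to the affected product. I would populate them from the description, e.g. `"vendor_name": "Nakivo"`, `"product_name": "Backup & Replication Director"`, `"version_value": "9.4.0.r43656"`, and give the problem type as a CWE; the readable user database described here looks like CWE-732 (Incorrect Permission Assignment for Critical Resource), to be confirmed against the advisory. The CVE-2020-15851 hunk carries the same placeholders; there the product is the Transporter, and the missing access control on a network service suggests CWE-306 or CWE-284.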
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15851",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15851",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities",
+ "url": "https://labs.f-secure.com/advisories/nakivo-backup-and-replication-multiple-vulnerabilities"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25071.json b/2020/25xxx/CVE-2020-25071.json
index 0ccae30c6f1..f9f81b14645 100644
--- a/2020/25xxx/CVE-2020-25071.json
+++ b/2020/25xxx/CVE-2020-25071.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit."
+ "value": "** DISPUTED ** Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. \"The original issue was that the task would be created and an alert would be shown on the screen. Now the task would be created, but the alert won't be executed as those attributes are now stripped.\""
 }
 ]
 },
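Review bot: The text added to `value` marks the entry DISPUTED as not reproducible, but the quoted statement ("those attributes are now stripped") reads as a description of a later change rather than evidence that the issue never existed, and the quote carries no attribution. The `references` array lies outside this hunk; if it does not already cite the source of the dispute, I would add a `reference_data` entry for it so readers can judge whether the state dated 2020-08-26 was affected before the stripping was introduced.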