diff --git a/2019/14xxx/CVE-2019-14615.json b/2019/14xxx/CVE-2019-14615.json index 87bb4637d60..c00399a2e98 100644 --- a/2019/14xxx/CVE-2019-14615.json +++ b/2019/14xxx/CVE-2019-14615.json @@ -49,6 +49,11 @@ "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html" }, + { + "refsource": "UBUNTU", + "name": "USN-4253-1", + "url": "https://usn.ubuntu.com/4253-1/" + }, { "refsource": "UBUNTU", "name": "USN-4254-1", diff --git a/2019/17xxx/CVE-2019-17570.json b/2019/17xxx/CVE-2019-17570.json index 26770f02c34..0f970f458d1 100644 --- a/2019/17xxx/CVE-2019-17570.json +++ b/2019/17xxx/CVE-2019-17570.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization", "url": "http://www.openwall.com/lists/oss-security/2020/01/24/2" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200130 [SECURITY] [DLA 2078-1] libxmlrpc3-java security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00033.html" } ] }, diff --git a/2020/3xxx/CVE-2020-3147.json b/2020/3xxx/CVE-2020-3147.json index 6e02f144a46..867fe44ac88 100644 --- a/2020/3xxx/CVE-2020-3147.json +++ b/2020/3xxx/CVE-2020-3147.json @@ -37,7 +37,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18 " + "value": "A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of requests sent to the web interface. An attacker could exploit this vulnerability by sending a malicious request to the web interface of an affected device. A successful exploit could allow the attacker to cause an unexpected reload of the device, resulting in a DoS condition. This vulnerability affects firmware releases prior than 1.3.7.18" } ] }, @@ -86,4 +86,4 @@ ], "discovery": "INTERNAL" } -} +} \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5233.json b/2020/5xxx/CVE-2020-5233.json index 28fa5230704..c9c511656cd 100644 --- a/2020/5xxx/CVE-2020-5233.json +++ b/2020/5xxx/CVE-2020-5233.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker.\n\nThis has been patched in version 5.0." + "value": "OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0." } ] }, @@ -90,4 +90,4 @@ "advisory": "GHSA-qqxw-m5fj-f7gv", "discovery": "UNKNOWN" } -} +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8093.json b/2020/8xxx/CVE-2020-8093.json index 25f37977a67..1e6f390e59f 100644 --- a/2020/8xxx/CVE-2020-8093.json +++ b/2020/8xxx/CVE-2020-8093.json @@ -81,8 +81,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "url": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/" + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/", + "name": "https://www.bitdefender.com/support/security-advisories/code-injection-into-bitdefender-antivirus-for-mac-va-3441/" } ] }, diff --git a/2020/8xxx/CVE-2020-8491.json b/2020/8xxx/CVE-2020-8491.json new file mode 100644 index 00000000000..f2a8989d857 --- /dev/null +++ b/2020/8xxx/CVE-2020-8491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8492.json b/2020/8xxx/CVE-2020-8492.json new file mode 100644 index 00000000000..73294d84ac1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8492.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8492", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.python.org/issue39503", + "refsource": "MISC", + "name": "https://bugs.python.org/issue39503" + }, + { + "url": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html", + "refsource": "MISC", + "name": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html" + }, + { + "url": "https://github.com/python/cpython/pull/18284", + "refsource": "MISC", + "name": "https://github.com/python/cpython/pull/18284" + } + ] + } +} \ No newline at end of file