diff --git a/2018/8xxx/CVE-2018-8088.json b/2018/8xxx/CVE-2018-8088.json index 81bc18d7c08..e68b2350935 100644 --- a/2018/8xxx/CVE-2018-8088.json +++ b/2018/8xxx/CVE-2018-8088.json @@ -236,6 +236,11 @@ "refsource": "MLIST", "name": "[hadoop-common-issues] 20200824 [jira] [Updated] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", "url": "https://lists.apache.org/thread.html/r767861f053c15f9e9201b939a0d508dd58475a072e76135eaaca17f0@%3Ccommon-issues.hadoop.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hadoop-common-issues] 20200824 [jira] [Commented] (HADOOP-17220) Upgrade slf4j to 1.7.30 ( To Adress: CVE-2018-8088)", + "url": "https://lists.apache.org/thread.html/rfe52b7cbba4dcba521e13130e5d28d5818b78d70db0af1b470fa0264@%3Ccommon-issues.hadoop.apache.org%3E" } ] } diff --git a/2019/16xxx/CVE-2019-16163.json b/2019/16xxx/CVE-2019-16163.json index 6ebec77bb82..892bc0802dd 100644 --- a/2019/16xxx/CVE-2019-16163.json +++ b/2019/16xxx/CVE-2019-16163.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-6a931c8eec", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZW47MSFZ6WYOAOFXHBDGU4LYACFRKC2Y/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4460-1", + "url": "https://usn.ubuntu.com/4460-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19012.json b/2019/19xxx/CVE-2019-19012.json index 36ce675fd77..0481b61ffb6 100644 --- a/2019/19xxx/CVE-2019-19012.json +++ b/2019/19xxx/CVE-2019-19012.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-73197ff9a0", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3MBNW6Z4DOXSCNWGBLQ7OA3OGUJ44WL/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4460-1", + "url": "https://usn.ubuntu.com/4460-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19204.json b/2019/19xxx/CVE-2019-19204.json index 53636ab64e9..52b6eadbf72 100644 --- a/2019/19xxx/CVE-2019-19204.json +++ b/2019/19xxx/CVE-2019-19204.json @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "https://github.com/tarantula-team/CVE-2019-19204", "url": "https://github.com/tarantula-team/CVE-2019-19204" + }, + { + "refsource": "UBUNTU", + "name": "USN-4460-1", + "url": "https://usn.ubuntu.com/4460-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19246.json b/2019/19xxx/CVE-2019-19246.json index b83a567271f..1361221f1bb 100644 --- a/2019/19xxx/CVE-2019-19246.json +++ b/2019/19xxx/CVE-2019-19246.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191204 [SECURITY] [DLA 2020-1] libonig security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4460-1", + "url": "https://usn.ubuntu.com/4460-1/" } ] } diff --git a/2020/19xxx/CVE-2020-19877.json b/2020/19xxx/CVE-2020-19877.json index ca605e4b947..48f31207e14 100644 --- a/2020/19xxx/CVE-2020-19877.json +++ b/2020/19xxx/CVE-2020-19877.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-19877", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-19877", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DBHcms v1.2.0 has a directory traversal vulnerability as there is no directory control function in directory /dbhcms/. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#1", + "refsource": "MISC", + "name": "https://github.com/fragrant10/cve/tree/master/dbhcms1.2.0#1" } ] } diff --git a/2020/24xxx/CVE-2020-24186.json b/2020/24xxx/CVE-2020-24186.json index 512af14018d..b01f5cd9b18 100644 --- a/2020/24xxx/CVE-2020-24186.json +++ b/2020/24xxx/CVE-2020-24186.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-24186", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-24186", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/", + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/07/critical-arbitrary-file-upload-vulnerability-patched-in-wpdiscuz-plugin/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7690.json b/2020/7xxx/CVE-2020-7690.json index 1a642bb0ec2..929fd031537 100644 --- a/2020/7xxx/CVE-2020-7690.json +++ b/2020/7xxx/CVE-2020-7690.json @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "All versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method." + "value": "All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method." } ] }