diff --git a/2016/4xxx/CVE-2016-4074.json b/2016/4xxx/CVE-2016-4074.json
index e834da4e919..4b6792257cd 100644
--- a/2016/4xxx/CVE-2016-4074.json
+++ b/2016/4xxx/CVE-2016-4074.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file."
+ "value": "The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jg 1.6_rc1-r0."
 }
 ]
 },
@@ -76,6 +76,11 @@
 "refsource": "MISC",
 "name": "https://github.com/NixOS/nixpkgs/pull/18908",
 "url": "https://github.com/NixOS/nixpkgs/pull/18908"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/hashicorp/consul/issues/10263",
+ "url": "https://github.com/hashicorp/consul/issues/10263"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18218.json b/2019/18xxx/CVE-2019-18218.json
index b26649d8266..dd3fb18724a 100644
--- a/2019/18xxx/CVE-2019-18218.json
+++ b/2019/18xxx/CVE-2019-18218.json
@@ -111,6 +111,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0677",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00044.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12729.json b/2020/12xxx/CVE-2020-12729.json
index 5c11cfec2fa..523ad365058 100644
--- a/2020/12xxx/CVE-2020-12729.json
+++ b/2020/12xxx/CVE-2020-12729.json
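Review bot: In CVE-2016-4074.json the sentence added to the description misspells the product: it says the issue is fixed in `jg 1.6_rc1-r0`, while the rest of the record names `jq`. The added text should read `This issue has been fixed in jq 1.6_rc1-r0.` so that text searches and product matching on the description find the fix statement. The `-r0` suffix looks like a downstream package revision rather than an upstream jq release tag, so it is worth confirming which version string the record is meant to carry.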
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12729",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12729",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.magicsmotion.com/p-flamingo.html",
+ "refsource": "MISC",
+ "name": "http://www.magicsmotion.com/p-flamingo.html"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12730.json b/2020/12xxx/CVE-2020-12730.json
index 66a7767ee43..4faa087d109 100644
--- a/2020/12xxx/CVE-2020-12730.json
+++ b/2020/12xxx/CVE-2020-12730.json
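Review bot: CVE-2020-12729.json goes PUBLIC with `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"` in `affects`, so the product appears only in the free-text description; the same holds for CVE-2020-12730.json and CVE-2020-12731.json. Tooling that matches an asset inventory against the structured fields will not associate these records with the device; filling them from the description, e.g. `"vendor_name": "MagicMotion"` and `"product_name": "Flamingo 2"`, would fix that. The single reference in each record is a plain-http product page that does not document the access-control, BLE-encryption or sdcard-storage findings, so a link to the researcher's write-up or a vendor advisory should be added if one exists.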
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12730",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12730",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.magicsmotion.com/p-flamingo.html",
+ "refsource": "MISC",
+ "name": "http://www.magicsmotion.com/p-flamingo.html"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12731.json b/2020/12xxx/CVE-2020-12731.json
index 44cb4522688..bcf5a427e58 100644
--- a/2020/12xxx/CVE-2020-12731.json
+++ b/2020/12xxx/CVE-2020-12731.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12731",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12731",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.magicsmotion.com/p-flamingo.html",
+ "refsource": "MISC",
+ "name": "http://www.magicsmotion.com/p-flamingo.html"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15495.json b/2020/15xxx/CVE-2020-15495.json
index 03143058b9a..b7c358223e8 100644
--- a/2020/15xxx/CVE-2020-15495.json
+++ b/2020/15xxx/CVE-2020-15495.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15495",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15495",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.acronis.com/en-us/support/updates/index.html",
+ "refsource": "MISC",
+ "name": "https://www.acronis.com/en-us/support/updates/index.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://kb.acronis.com/content/68061",
+ "url": "https://kb.acronis.com/content/68061"
 }
 ]
 }
diff --git a/2020/19xxx/CVE-2020-19201.json b/2020/19xxx/CVE-2020-19201.json
index 0f693002eb0..89e7ab3545f 100644
--- a/2020/19xxx/CVE-2020-19201.json
+++ b/2020/19xxx/CVE-2020-19201.json
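Review bot: The description added in CVE-2020-15495.json does not tell a reader how this record differs from CVE-2020-25736.json in the same commit: both describe local privilege escalation "due to an insecure XPC service configuration" in Acronis True Image on macOS, both cite `https://kb.acronis.com/content/68061`, and the range given here (2019 update 1 through 2020) falls inside the other one (2019 update 1 through 2021 update 1). If the later ID tracks an incomplete fix or a second XPC service, a clause saying so in one of the two `value` strings would let defenders tell whether a single update closes both. The `affects` block is also all `n/a` here and in CVE-2020-25593.json and CVE-2020-25736.json, so the affected versions exist only in prose and cannot be matched by tooling.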
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Netgate pfSense 2.4.4 - p2 is affected by: Cross Site Scripting (XSS). The impact is: Authenticated Stored XSS in NAT Configuration (local). The component is: Description Text box, Status/Reload Filter Page. The attack vector is: An attacker get access to the victim's session by performing the CSRF and gather the cookie and session ids or possibly can change the victims NAT configuration using this Stored XSS. This attack can possibly spoof the victim's informations."
+ "value": "A Stored Cross-Site Scripting (XSS) vulnerability was found in status_filter_reload.php, a page in the pfSense software WebGUI, on Netgate pfSense version 2.4.4-p2 and earlier. The page did not encode output from the filter reload process, and a stored XSS was possible via the descr (description) parameter on NAT rules."
 }
 ]
 },
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html",
 "url": "https://docs.netgate.com/pfsense/en/latest/releases/2-4-4-p3.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/dharmeshbaskaran/fd3779006361d07651a883e8a040d916",
+ "url": "https://gist.github.com/dharmeshbaskaran/fd3779006361d07651a883e8a040d916"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25593.json b/2020/25xxx/CVE-2020-25593.json
index 933ab1ca880..b031bdfc3e4 100644
--- a/2020/25xxx/CVE-2020-25593.json
+++ b/2020/25xxx/CVE-2020-25593.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25593",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25593",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to insecure folder permissions."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.acronis.com/en-us/blog/",
+ "refsource": "MISC",
+ "name": "https://www.acronis.com/en-us/blog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://kb.acronis.com/content/68396",
+ "url": "https://kb.acronis.com/content/68396"
 }
 ]
 }
diff --git a/2020/25xxx/CVE-2020-25736.json b/2020/25xxx/CVE-2020-25736.json
index 7ee080b90c6..1bb91febf49 100644
--- a/2020/25xxx/CVE-2020-25736.json
+++ b/2020/25xxx/CVE-2020-25736.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-25736",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-25736",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.acronis.com/en-us/blog/",
+ "refsource": "MISC",
+ "name": "https://www.acronis.com/en-us/blog/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://kb.acronis.com/content/68061",
+ "url": "https://kb.acronis.com/content/68061"
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7071.json b/2020/7xxx/CVE-2020-7071.json
index ab5b17102f0..947629feb7e 100644
--- a/2020/7xxx/CVE-2020-7071.json
+++ b/2020/7xxx/CVE-2020-7071.json
@@ -110,6 +110,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202105-23",
 "url": "https://security.gentoo.org/glsa/202105-23"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
 }
 ]
 },
diff --git a/2021/21xxx/CVE-2021-21702.json b/2021/21xxx/CVE-2021-21702.json
index 38d870ca9f4..93591988318 100644
--- a/2021/21xxx/CVE-2021-21702.json
+++ b/2021/21xxx/CVE-2021-21702.json
@@ -110,6 +110,11 @@
 "refsource": "GENTOO",
 "name": "GLSA-202105-23",
 "url": "https://security.gentoo.org/glsa/202105-23"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
 }
 ]
 },
diff --git a/2021/28xxx/CVE-2021-28165.json b/2021/28xxx/CVE-2021-28165.json
index e09c5593ff7..0a3b339f4b1 100644
--- a/2021/28xxx/CVE-2021-28165.json
+++ b/2021/28xxx/CVE-2021-28165.json
@@ -587,6 +587,11 @@
 "refsource": "MLIST",
 "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
 "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
+ "url": "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a@%3Cjira.kafka.apache.org%3E"
 }
 ]
 }