diff --git a/2012/0xxx/CVE-2012-0929.json b/2012/0xxx/CVE-2012-0929.json
index fc808d61816..1f280f03f4f 100644
--- a/2012/0xxx/CVE-2012-0929.json
+++ b/2012/0xxx/CVE-2012-0929.json
@@ -76,6 +76,11 @@
 "name": "schneider-modicon-ftp-dos(72589)",
 "refsource": "XF",
 "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72589"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03",
+ "url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-12-020-03"
 }
 ]
 }
diff --git a/2018/21xxx/CVE-2018-21036.json b/2018/21xxx/CVE-2018-21036.json
index 37573040e2f..9c57b5705bc 100644
--- a/2018/21xxx/CVE-2018-21036.json
+++ b/2018/21xxx/CVE-2018-21036.json
@@ -1,17 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2018-21036",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2018-21036",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e",
+ "refsource": "MISC",
+ "name": "https://github.com/balderdashy/sails-hook-sockets/commit/ff02114eaec090ee51db48435cc32d451662606e"
+ },
+ {
+ "url": "https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44",
+ "refsource": "MISC",
+ "name": "https://github.com/balderdashy/sails-hook-sockets/commit/0533a4864b1920fd8fbb5287bc0889193c5faf44"
+ },
+ {
+ "url": "https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md",
+ "refsource": "MISC",
+ "name": "https://github.com/balderdashy/sails/blob/56f8276f6501a144a03d1f0f28df4ccdb4ad82e2/CHANGELOG.md"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200719 CVE-2018-21036: Sails.js before v1.0.0-46 DoS",
+ "url": "http://www.openwall.com/lists/oss-security/2020/07/19/1"
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10092.json b/2019/10xxx/CVE-2019-10092.json
index 1247f276694..c4365201d0c 100644
--- a/2019/10xxx/CVE-2019-10092.json
+++ b/2019/10xxx/CVE-2019-10092.json
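Review bot: The `affects` block added for CVE-2018-21036 is filled with placeholders (`"product_name": "n/a"`, `"version_value": "n/a"`, `"vendor_name": "n/a"`) although the new description names the product and the affected range, so consumers that match on the structured fields instead of the free text will not tie this record to Sails.js. I would carry the description's values into the record, e.g. `"product_name": "Sails.js"` and `"version_value": "before v1.0.0-46"`, and replace the `"n/a"` under `problemtype` with a short weakness label for the denial of service. The CVE-2020-12432 hunk later in this diff has the same placeholders next to a description that names Collabora CODE through 4.2.2.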
@@ -44,6 +44,66 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[httpd-announce] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy",
+ "url": "https://lists.apache.org/thread.html/73768e31e0fcae03e12f5aa87da1cb26dece39327f3c32060baa3e94@%3Cannounce.httpd.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
+ "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190814 CVE-2019-10092: Limited cross-site scripting in mod_proxy",
+ "url": "http://www.openwall.com/lists/oss-security/2019/08/15/4"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-099575a123",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7RVHJHTU4JN3ULCQ44F2G6LZBF2LGNTC/"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4509",
+ "url": "https://www.debian.org/security/2019/dsa-4509"
+ },
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190826 [SECURITY] [DSA 4509-1] apache2 security update",
+ "url": "https://seclists.org/bugtraq/2019/Aug/47"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20190828 [SECURITY] [DLA 1900-1] apache2 security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4113-1",
+ "url": "https://usn.ubuntu.com/4113-1/"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2019:2051",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://security.netapp.com/advisory/ntap-20190905-0003/",
+ "url": "https://security.netapp.com/advisory/ntap-20190905-0003/"
+ },
+ {
+ "refsource": "GENTOO",
+ "name": "GLSA-201909-04",
+ "url": "https://security.gentoo.org/glsa/201909-04"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K30442259",
+ "url": "https://support.f5.com/csp/article/K30442259"
+ },
 {
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1900-2] apache2 regression update",
@@ -98,6 +158,11 @@
 "refsource": "MISC",
 "name": "https://httpd.apache.org/security/vulnerabilities_24.html",
 "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-10092-Limited%20Cross-Site%20Scripting%20in%20mod_proxy%20Error%20Page-Apache%20httpd"
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12401.json b/2019/12xxx/CVE-2019-12401.json
index f74aefd769f..7c049bfc033 100644
--- a/2019/12xxx/CVE-2019-12401.json
+++ b/2019/12xxx/CVE-2019-12401.json
@@ -50,6 +50,41 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-general] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
+ "url": "https://lists.apache.org/thread.html/7ab5e95a1a0b4f35ffe53f1eb0cb74b4348b49d41b72ac155b843fa2@%3Cgeneral.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-dev] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
+ "url": "https://lists.apache.org/thread.html/048ae6e4f84a88e8856f766320b48ad91f9fca2c6f621aa2c40088fe@%3Cdev.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
+ "url": "http://www.openwall.com/lists/oss-security/2019/09/10/1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-dev] 20190909 [jira] [Resolved] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
+ "url": "https://lists.apache.org/thread.html/521d10a19bfb590f86dff41820ccfb11e92281f233a12c882650931e@%3Cdev.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
+ "url": "https://lists.apache.org/thread.html/1c92300643f48f13bc59b15e3f886ba62bae1798c7d4c2e5c1ece09b@%3Cannounce.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-solr-user] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
+ "url": "https://lists.apache.org/thread.html/60a924662ead9aeea74e8ea128d9ca935f8de925aa71b15ab2787d6a@%3Csolr-user.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-dev] 20190909 [jira] [Updated] (SOLR-13750) [CVE-2019-12401] XML Bomb in Apache Solr versions prior to 5.0.0",
+ "url": "https://lists.apache.org/thread.html/db8eaca456d03c00a66cbe37548978318d424b9997e3fd7f5c65dffe@%3Cdev.lucene.apache.org%3E"
+ },
 {
 "refsource": "MLIST",
 "name": "[www-announce] 20190909 [SECURITY] CVE-2019-12401: XML Bomb in Apache Solr versions prior to 5.0",
@@ -64,6 +99,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20190926-0002/",
 "url": "https://security.netapp.com/advisory/ntap-20190926-0002/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12401-XML%20Bomb-Apache%20Solr"
 }
 ]
 },
diff --git a/2019/12xxx/CVE-2019-12409.json b/2019/12xxx/CVE-2019-12409.json
index cecd555920c..5d66b421058 100644
--- a/2019/12xxx/CVE-2019-12409.json
+++ b/2019/12xxx/CVE-2019-12409.json
@@ -49,10 +49,35 @@
 "name": "[lucene-solr-user] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
 "url": "https://lists.apache.org/thread.html/6640c7e370fce2b74e466a605a46244ccc40666ad9e3064a4e04a85d@%3Csolr-user.lucene.apache.org%3E"
 },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20191118 [jira] [Commented] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
+ "url": "https://lists.apache.org/thread.html/ce7c0b456b15f6c7518adefa54ec948fed6de8e951a2584500c1e541@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20191118 [jira] [Updated] (SOLR-13647) CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
+ "url": "https://lists.apache.org/thread.html/925cdb49ceae78baddb45da7beb9b4d2b1ddc4a8e318c65e91fb4e87@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-general] 20191118 CVE-2019-12409: Apache Solr RCE vulnerability due to bad config default",
+ "url": "https://lists.apache.org/thread.html/a044eae4f6f5b0160ece5bf9cc4c0dad90ce7dd9bb210a9dc50b54be@%3Cgeneral.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[announce] 20191118 [CVE-2019-12409] Apache Solr RCE vulnerability due to bad config default",
+ "url": "https://lists.apache.org/thread.html/47e112035b4aa67ece3b75dbcd1b9c9212895b9dfe2a71f6f7c174e2@%3Cannounce.apache.org%3E"
+ },
 {
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS",
 "url": "https://support.f5.com/csp/article/K23720587?utm_source=f5support&utm_medium=RSS"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-12409-RCE%20Vulnerability%20Due%20to%20Bad%20Defalut%20Config-Apache%20Solr"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14223.json b/2019/14xxx/CVE-2019-14223.json
index b0a14d34ed8..7e33c1a8afa 100644
--- a/2019/14xxx/CVE-2019-14223.json
+++ b/2019/14xxx/CVE-2019-14223.json
@@ -56,6 +56,11 @@
 "url": "https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D",
 "refsource": "MISC",
 "name": "https://community.alfresco.com/content?filterID=all~objecttype~thread%5Bquestions%5D"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14223-Open%20Redirect%20in%20Alfresco%20Share-Alfresco%20Community"
 }
 ]
 }
diff --git a/2019/20xxx/CVE-2019-20417.json b/2019/20xxx/CVE-2019-20417.json
index 0d0a30edd99..eb27a6a0f67 100644
--- a/2019/20xxx/CVE-2019-20417.json
+++ b/2019/20xxx/CVE-2019-20417.json
@@ -1,13 +1,12 @@
 {
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
- "ASSIGNER": "security@atlassian.com",
- "DATE_PUBLIC": "2019-12-17T00:00:00",
 "ID": "CVE-2019-20417",
+ "ASSIGNER": "cve@mitre.org",
 "STATE": "REJECT"
 },
- "data_format": "MITRE",
- "data_type": "CVE",
- "data_version": "4.0",
 "description": {
 "description_data": [
 {
@@ -16,4 +15,4 @@
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/2020/12xxx/CVE-2020-12432.json b/2020/12xxx/CVE-2020-12432.json
index 11cec20f26a..e4a2d7a86b5 100644
--- a/2020/12xxx/CVE-2020-12432.json
+++ b/2020/12xxx/CVE-2020-12432.json
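Review bot: CVE-2019-20417.json now ends without a final newline: the last hunk swaps `}` for `}` followed by `\ No newline at end of file`, and restoring the newline keeps later diffs of this record clean. The first hunk of the same file also replaces `"ASSIGNER": "security@atlassian.com"` with `"ASSIGNER": "cve@mitre.org"` and drops `DATE_PUBLIC` while `STATE` stays `REJECT`. The rejection text sits outside both hunks, so it is worth checking that it still records which CNA originally held the ID, since the metadata no longer does.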
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12432",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12432",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.youtube.com/watch?v=_tkRnSr6yc0",
+ "url": "https://www.youtube.com/watch?v=_tkRnSr6yc0"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/d7x/CVE-2020-12432",
+ "url": "https://github.com/d7x/CVE-2020-12432"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12640.json b/2020/12xxx/CVE-2020-12640.json
index 9b07095e098..eaaa52a850a 100644
--- a/2020/12xxx/CVE-2020-12640.json
+++ b/2020/12xxx/CVE-2020-12640.json
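Review bot: Both entries in the new `reference_data` for CVE-2020-12432 are third-party `MISC` links (a video and the `d7x/CVE-2020-12432` repository), and the description says "through 4.2.2" without naming a fixed release, so the record gives a defender nothing to confirm the issue against or upgrade to. If a vendor advisory or fixing commit exists (none is visible in this hunk), it should be added as a `CONFIRM` reference. Until then, the two endpoints the description names, `/wopi/files` and `/wopi/getAccessToken`, are the only concrete hooks the record offers for reviewing access logs and upload restrictions.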
@@ -71,6 +71,11 @@
 "url": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794",
 "refsource": "MISC",
 "name": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12640-PHP%20Local%20File%20Inclusion-Roundcube"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12641.json b/2020/12xxx/CVE-2020-12641.json
index 65b78222eb0..f1d339f101a 100644
--- a/2020/12xxx/CVE-2020-12641.json
+++ b/2020/12xxx/CVE-2020-12641.json
@@ -71,6 +71,11 @@
 "url": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3",
 "refsource": "MISC",
 "name": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-12641-Command%20Injection-Roundcube"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13965.json b/2020/13xxx/CVE-2020-13965.json
index b6b3511410b..45157cff516 100644
--- a/2020/13xxx/CVE-2020-13965.json
+++ b/2020/13xxx/CVE-2020-13965.json
@@ -91,6 +91,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-aeffd92b77",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODPJXBHZ32QSP4MYT2OBCALYXSUJ47SK/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube",
+ "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2020-13965-Cross%20Site-Scripting%20via%20Malicious%20XML%20Attachment-Roundcube"
 }
 ]
 },