diff --git a/2013/4xxx/CVE-2013-4226.json b/2013/4xxx/CVE-2013-4226.json
index 251aaa5f547..ba2160dfc88 100644
--- a/2013/4xxx/CVE-2013-4226.json
+++ b/2013/4xxx/CVE-2013-4226.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4226",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Authenticated User Page Caching (Authcache) module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to cached pages, which allows remote attackers with the same role-combination as the superuser to obtain sensitive information via the cached pages of the superuser."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Authenticated User Page Caching (Authcache) module",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.x-1.x before 7.x-1.5"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/2059589",
+ "url": "https://drupal.org/node/2059589"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/2058165",
+ "url": "https://drupal.org/node/2058165"
 }
 ]
 }
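Review bot: In the second hunk of CVE-2013-4226.json the new problemtype `"value": "Path Disclosure"` does not match the description added just above it, which describes the superuser's cached pages being readable by other users with the same role combination and says nothing about file-system paths. Consumers that group or filter records by problemtype would misfile this entry; wording such as `"value": "Information Disclosure"` (or the CWE-200 text, if the assigner agrees) would be consistent with the description. The same hunk leaves `"vendor_name": "n/a"` although the product is named, which weakens vendor/product matching in downstream tooling.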
diff --git a/2013/4xxx/CVE-2013-4228.json b/2013/4xxx/CVE-2013-4228.json
index e562618dc59..9b86855442b 100644
--- a/2013/4xxx/CVE-2013-4228.json
+++ b/2013/4xxx/CVE-2013-4228.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-4228",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read the content of arbitrary private groups via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Permissions"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Organic Groups (OG) module",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "7.x-2.x before 7.x-2.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/2059765",
+ "url": "https://drupal.org/node/2059765"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/08/10/1",
+ "url": "http://www.openwall.com/lists/oss-security/2013/08/10/1"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/61708",
+ "url": "http://www.securityfocus.com/bid/61708"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://drupal.org/node/2059755",
+ "url": "https://drupal.org/node/2059755"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86328"
 }
 ]
 }
diff --git a/2015/7xxx/CVE-2015-7507.json b/2015/7xxx/CVE-2015-7507.json
index 8c56d4a6a4c..a3b58535334 100644
--- a/2015/7xxx/CVE-2015-7507.json
+++ b/2015/7xxx/CVE-2015-7507.json
@@ -1,8 +1,8 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2015-7507",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Other"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Libnsbmp",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "0.1.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded",
+ "url": "http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2015/Dec/73",
+ "url": "http://seclists.org/fulldisclosure/2015/Dec/73"
 }
 ]
 }
diff --git a/2019/0xxx/CVE-2019-0193.json b/2019/0xxx/CVE-2019-0193.json
index aaff6baaa02..a60ea453d9b 100644
--- a/2019/0xxx/CVE-2019-0193.json
+++ b/2019/0xxx/CVE-2019-0193.json
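Review bot: The problemtype added in the second hunk of CVE-2015-7507.json is `"value": "Other"`, although the description in the same hunk already names the weakness as an out-of-bounds read reached through bmp_decode_rgb and bmp_decode_rle. Leaving it as "Other" drops the one classification the record can state with confidence, so triage filters keyed on weakness type will not surface it; `"value": "CWE-125: Out-of-bounds Read"` would carry the information the description gives. The `"vendor_name": "n/a"` line in the same hunk has the same matching problem for vendor-keyed lookups.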
@@ -118,6 +118,11 @@
 "refsource": "MLIST",
 "name": "[lucene-issues] 20200218 [jira] [Updated] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler",
 "url": "https://lists.apache.org/thread.html/r33aed7ad4ee9833c4190a44e2b106efd2deb19504b85e012175540f6@%3Cissues.lucene.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[lucene-issues] 20200218 [jira] [Commented] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler",
+ "url": "https://lists.apache.org/thread.html/rb34d820c21f1708c351f9035d6bc7daf80bfb6ef99b34f7af1d2f699@%3Cissues.lucene.apache.org%3E"
 }
 ]
 },
diff --git a/2019/18xxx/CVE-2019-18634.json b/2019/18xxx/CVE-2019-18634.json
index 7f65e6bb6e9..847f85a4d9f 100644
--- a/2019/18xxx/CVE-2019-18634.json
+++ b/2019/18xxx/CVE-2019-18634.json
@@ -151,6 +151,11 @@
 "refsource": "REDHAT",
 "name": "RHSA-2020:0509",
 "url": "https://access.redhat.com/errata/RHSA-2020:0509"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0540",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0540"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0728.json b/2020/0xxx/CVE-2020-0728.json
index a78cbcc9dbf..20c7b959d6f 100644
--- a/2020/0xxx/CVE-2020-0728.json
+++ b/2020/0xxx/CVE-2020-0728.json
@@ -198,6 +198,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html",
 "url": "http://packetstormsecurity.com/files/156394/Microsoft-Windows-Modules-Installer-Service-Information-Disclosure.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200218 CVE-2020-0728: Windows Modules Installer Service Information Disclosure Vulnerability",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/16"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json
index 9432562c88a..f68de5f0d18 100644
--- a/2020/2xxx/CVE-2020-2583.json
+++ b/2020/2xxx/CVE-2020-2583.json
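Review bot: The FULLDISC reference added to CVE-2020-0728.json uses a plain-HTTP link, `http://seclists.org/fulldisclosure/2020/Feb/16`, while the seclists.org BUGTRAQ references already present in the OpenJDK records of this same commit use `https://`. Anyone following the link from a feed or dashboard fetches advisory content over a channel that can be altered in transit, so the entry would be better written as `"url": "https://seclists.org/fulldisclosure/2020/Feb/16"`. The CVE-2020-9264.json hunk adds `http://seclists.org/fulldisclosure/2020/Feb/21` in the same way. Both hunks start inside the `reference_data` array, so the rest of each record is not visible here.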
@@ -168,6 +168,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
 "url": "https://seclists.org/bugtraq/2020/Feb/22"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0541",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0541"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json
index 591b5780bf3..60eeb9babf7 100644
--- a/2020/2xxx/CVE-2020-2590.json
+++ b/2020/2xxx/CVE-2020-2590.json
@@ -143,6 +143,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
 "url": "https://seclists.org/bugtraq/2020/Feb/22"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0541",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0541"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json
index 1cb9fe4d2aa..efebb36ca87 100644
--- a/2020/2xxx/CVE-2020-2593.json
+++ b/2020/2xxx/CVE-2020-2593.json
@@ -168,6 +168,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
 "url": "https://seclists.org/bugtraq/2020/Feb/22"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0541",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0541"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json
index 8fa32caa1c1..2a10b24f91b 100644
--- a/2020/2xxx/CVE-2020-2601.json
+++ b/2020/2xxx/CVE-2020-2601.json
@@ -143,6 +143,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
 "url": "https://seclists.org/bugtraq/2020/Feb/22"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0541",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0541"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json
index be3dcced77e..4162d7e3ac1 100644
--- a/2020/2xxx/CVE-2020-2604.json
+++ b/2020/2xxx/CVE-2020-2604.json
@@ -153,6 +153,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
 "url": "https://seclists.org/bugtraq/2020/Feb/22"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0541",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0541"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json
index dbaf7e156ec..78adc9bb05e 100644
--- a/2020/2xxx/CVE-2020-2654.json
+++ b/2020/2xxx/CVE-2020-2654.json
@@ -139,6 +139,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
 "url": "https://seclists.org/bugtraq/2020/Feb/22"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0541",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0541"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json
index 920275ee636..775c04e10ce 100644
--- a/2020/2xxx/CVE-2020-2659.json
+++ b/2020/2xxx/CVE-2020-2659.json
@@ -138,6 +138,11 @@
 "refsource": "BUGTRAQ",
 "name": "20200216 [SECURITY] [DSA 4621-1] openjdk-8 security update",
 "url": "https://seclists.org/bugtraq/2020/Feb/22"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "RHSA-2020:0541",
+ "url": "https://access.redhat.com/errata/RHSA-2020:0541"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9264.json b/2020/9xxx/CVE-2020-9264.json
index becb38f06f3..9bc4fd66dc6 100644
--- a/2020/9xxx/CVE-2020-9264.json
+++ b/2020/9xxx/CVE-2020-9264.json
@@ -61,6 +61,11 @@
 "url": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html",
 "refsource": "MISC",
 "name": "https://blog.zoller.lu/p/tzo-11-2020-eset-generic-malformed.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200218 Re: [TZO-03-2020] ESET Generic Malformed Archive Bypass (ZIP Compression Information)",
+ "url": "http://seclists.org/fulldisclosure/2020/Feb/21"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9265.json b/2020/9xxx/CVE-2020-9265.json
index bc618699081..d80a098978c 100644
--- a/2020/9xxx/CVE-2020-9265.json
+++ b/2020/9xxx/CVE-2020-9265.json
@@ -1,18 +1,76 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9265",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9265",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against the deluser.php Delete User functionality, as demonstrated by pmc_username."
 }
 ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/J3rryBl4nks/PHPMyChatPlus/blob/master/SQLi.md",
+ "refsource": "MISC",
+ "name": "https://github.com/J3rryBl4nks/PHPMyChatPlus/blob/master/SQLi.md"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "LOW",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AC:L/AV:N/A:L/C:H/I:N/PR:N/S:C/UI:N",
+ "version": "3.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9266.json b/2020/9xxx/CVE-2020-9266.json
index 08984ac3da3..c35b638ea94 100644
--- a/2020/9xxx/CVE-2020-9266.json
+++ b/2020/9xxx/CVE-2020-9266.json
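Review bot: The `impact.cvss` block added to CVE-2020-9265.json records `"integrityImpact": "NONE"` for what the description calls SQL injection against the deluser.php Delete User functionality, which looks inconsistent and should be checked against the referenced write-up before consumers prioritise on it. The block also carries no base score or severity, so tools have to recompute it from the `vectorString`, whose metrics are not in the order the CVSS specification lists them (`AC:L/AV:N/A:L/...`), and some parsers may not accept that. If the metric values are kept, the conventional form would be `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"`. The file also still ends without a trailing newline.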
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9266",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9266",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary changing of the admin password via process/xajax_server.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/AdminPasswordChangeCSRF.md",
+ "refsource": "MISC",
+ "name": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/AdminPasswordChangeCSRF.md"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9267.json b/2020/9xxx/CVE-2020-9267.json
index a2886d3497f..0a8e1af8285 100644
--- a/2020/9xxx/CVE-2020-9267.json
+++ b/2020/9xxx/CVE-2020-9267.json
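Review bot: The `affects` block added to CVE-2020-9266.json sets `product_name`, `version_value` and `vendor_name` all to `"n/a"`, even though the description in the same hunk names SOPlanning 1.45. The affected product therefore exists only in free text, and inventory or scanner tooling that matches on the structured fields gets nothing from this record; `"product_name": "SOPlanning"` and `"version_value": "1.45"` would close that gap. The hunks for CVE-2020-9265 and CVE-2020-9267 through CVE-2020-9271 are filled in the same way, and each also leaves the problemtype at `"value": "n/a"` where its description states CSRF or SQL injection.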
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9267",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9267",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitrary user creation via process/xajax_server.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/AddUserCSRF.md",
+ "refsource": "MISC",
+ "name": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/AddUserCSRF.md"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9268.json b/2020/9xxx/CVE-2020-9268.json
index 7f4d0906560..3e04eaf0f5f 100644
--- a/2020/9xxx/CVE-2020-9268.json
+++ b/2020/9xxx/CVE-2020-9268.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9268",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9268",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/SQLInjectionProjects.md",
+ "refsource": "MISC",
+ "name": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/SQLInjectionProjects.md"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9269.json b/2020/9xxx/CVE-2020-9269.json
index da299656512..9f3eda3169f 100644
--- a/2020/9xxx/CVE-2020-9269.json
+++ b/2020/9xxx/CVE-2020-9269.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9269",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9269",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/InjectionIcalShell.md",
+ "refsource": "MISC",
+ "name": "https://github.com/J3rryBl4nks/SOPlanning/blob/master/InjectionIcalShell.md"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9270.json b/2020/9xxx/CVE-2020-9270.json
index bbb05065ea4..6e7167b599a 100644
--- a/2020/9xxx/CVE-2020-9270.json
+++ b/2020/9xxx/CVE-2020-9270.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9270",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9270",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/J3rryBl4nks/IceHRM/blob/master/ChangeUserPasswordCSRF.md",
+ "refsource": "MISC",
+ "name": "https://github.com/J3rryBl4nks/IceHRM/blob/master/ChangeUserPasswordCSRF.md"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9271.json b/2020/9xxx/CVE-2020-9271.json
index 7f4f7064162..bc4d15ad8ea 100644
--- a/2020/9xxx/CVE-2020-9271.json
+++ b/2020/9xxx/CVE-2020-9271.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-9271",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-9271",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via service.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/J3rryBl4nks/IceHRM/blob/master/AddNewUserCSRF.md",
+ "refsource": "MISC",
+ "name": "https://github.com/J3rryBl4nks/IceHRM/blob/master/AddNewUserCSRF.md"
 }
 ]
 }