From 2cc87541dd2fe5efd082e664ab4c33aba14bbf80 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 1 Sep 2020 14:01:39 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/18xxx/CVE-2017-18640.json | 5 +++
 2017/6xxx/CVE-2017-6318.json | 5 +++
 2020/12xxx/CVE-2020-12861.json | 5 +++
 2020/12xxx/CVE-2020-12862.json | 5 +++
 2020/12xxx/CVE-2020-12863.json | 5 +++
 2020/12xxx/CVE-2020-12864.json | 5 +++
 2020/12xxx/CVE-2020-12865.json | 5 +++
 2020/12xxx/CVE-2020-12866.json | 5 +++
 2020/12xxx/CVE-2020-12867.json | 5 +++
 2020/14xxx/CVE-2020-14514.json | 79 +++++++++++++++++++++++++++++++---
 2020/15xxx/CVE-2020-15861.json | 5 +++
 2020/15xxx/CVE-2020-15862.json | 5 +++
 2020/24xxx/CVE-2020-24554.json | 61 +++++++++++++++++++++++---
 2020/2xxx/CVE-2020-2238.json | 3 +-
 2020/2xxx/CVE-2020-2239.json | 3 +-
 2020/2xxx/CVE-2020-2240.json | 3 +-
 2020/2xxx/CVE-2020-2241.json | 3 +-
 2020/2xxx/CVE-2020-2242.json | 3 +-
 2020/2xxx/CVE-2020-2243.json | 3 +-
 2020/2xxx/CVE-2020-2244.json | 3 +-
 2020/2xxx/CVE-2020-2245.json | 3 +-
 2020/2xxx/CVE-2020-2246.json | 3 +-
 2020/2xxx/CVE-2020-2247.json | 3 +-
 2020/2xxx/CVE-2020-2248.json | 3 +-
 2020/2xxx/CVE-2020-2249.json | 3 +-
 2020/2xxx/CVE-2020-2250.json | 3 +-
 2020/2xxx/CVE-2020-2251.json | 3 +-
 2020/6xxx/CVE-2020-6117.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6118.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6119.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6120.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6121.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6122.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6129.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6130.json | 50 +++++++++++++++++++--
 2020/6xxx/CVE-2020-6131.json | 50 +++++++++++++++++++--
 2020/7xxx/CVE-2020-7665.json | 12 +++---
 37 files changed, 641 insertions(+), 58 deletions(-)
diff --git a/2017/18xxx/CVE-2017-18640.json b/2017/18xxx/CVE-2017-18640.json
index 7dde1f65b77..1df2b68ada7 100644
--- a/2017/18xxx/CVE-2017-18640.json
+++ b/2017/18xxx/CVE-2017-18640.json
@@ -111,6 +111,11 @@
 "refsource": "MLIST",
 "name": "[hadoop-common-issues] 20200831 [jira] [Commented] (HADOOP-17236) Bump up snakeyaml to 1.26 to mitigate CVE-2017-18640",
 "url": "https://lists.apache.org/thread.html/r72a3588d62b2de1361dc9648f5d355385735e47f7ba49d089b0e680d@%3Ccommon-issues.hadoop.apache.org%3E"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/r4c682fb8cf69dd14162439656a6ebdf42ea6ad0e4edba95907ea3f14@%3Ccommits.servicecomb.apache.org%3E"
 }
 ]
 }
diff --git a/2017/6xxx/CVE-2017-6318.json b/2017/6xxx/CVE-2017-6318.json
index 6cd1907ad0a..8e4ea5c1c2a 100644
--- a/2017/6xxx/CVE-2017-6318.json
+++ b/2017/6xxx/CVE-2017-6318.json
@@ -81,6 +81,11 @@
 "name": "[sane-devel] 20170219 Bug#854804: saned: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server",
 "refsource": "MLIST",
 "url": "http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035054.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12861.json b/2020/12xxx/CVE-2020-12861.json
index cbfc2232cdb..3d38c238fb3 100644
--- a/2020/12xxx/CVE-2020-12861.json
+++ b/2020/12xxx/CVE-2020-12861.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
 "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12862.json b/2020/12xxx/CVE-2020-12862.json
index f832db2ae70..37091ef3de7 100644
--- a/2020/12xxx/CVE-2020-12862.json
+++ b/2020/12xxx/CVE-2020-12862.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12863.json b/2020/12xxx/CVE-2020-12863.json
index 6f6421ae992..498100385bc 100644
--- a/2020/12xxx/CVE-2020-12863.json
+++ b/2020/12xxx/CVE-2020-12863.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12864.json b/2020/12xxx/CVE-2020-12864.json
index ee3bd028d86..3071098770d 100644
--- a/2020/12xxx/CVE-2020-12864.json
+++ b/2020/12xxx/CVE-2020-12864.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
 "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12865.json b/2020/12xxx/CVE-2020-12865.json
index a8d4ce4f312..e26d7dad806 100644
--- a/2020/12xxx/CVE-2020-12865.json
+++ b/2020/12xxx/CVE-2020-12865.json
@@ -66,6 +66,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12866.json b/2020/12xxx/CVE-2020-12866.json
index 8f5f991c1e0..889ba12a836 100644
--- a/2020/12xxx/CVE-2020-12866.json
+++ b/2020/12xxx/CVE-2020-12866.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane",
 "url": "https://securitylab.github.com/advisories/GHSL-2020-075-libsane"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12867.json b/2020/12xxx/CVE-2020-12867.json
index d1ba724a7fa..4b1af253cfe 100644
--- a/2020/12xxx/CVE-2020-12867.json
+++ b/2020/12xxx/CVE-2020-12867.json
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20200817 [SECURITY] [DLA 2332-1] sane-backends security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4470-1",
+ "url": "https://usn.ubuntu.com/4470-1/"
 }
 ]
 }
diff --git a/2020/14xxx/CVE-2020-14514.json b/2020/14xxx/CVE-2020-14514.json
index ea3839c3c21..a4debc9ead7 100644
--- a/2020/14xxx/CVE-2020-14514.json
+++ b/2020/14xxx/CVE-2020-14514.json
@@ -1,18 +1,85 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14514", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Trailer Power Line Communications vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Multiple Vendors All trailer power line communications are affected.", + "product": { + "product_data": [ + { + "product_name": "Trailer Power Line Communications", + "version": { + "version_data": [ + { + "version_value": "All trailer power line communications are affected." + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements." 
} ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "EXPOSURE OF SENSITIVE INFORMATION THROUGH SENT DATA CWE-201" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-01", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-20-219-01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/15xxx/CVE-2020-15861.json b/2020/15xxx/CVE-2020-15861.json index 8d62e393701..4e991e2f74c 100644 --- a/2020/15xxx/CVE-2020-15861.json +++ b/2020/15xxx/CVE-2020-15861.json @@ -71,6 +71,11 @@ "refsource": "GENTOO", "name": "GLSA-202008-12", "url": "https://security.gentoo.org/glsa/202008-12" + }, + { + "refsource": "UBUNTU", + "name": "USN-4471-1", + "url": "https://usn.ubuntu.com/4471-1/" } ] } diff --git a/2020/15xxx/CVE-2020-15862.json b/2020/15xxx/CVE-2020-15862.json index 6779aceb321..6a461b0e9e3 100644 --- a/2020/15xxx/CVE-2020-15862.json +++ b/2020/15xxx/CVE-2020-15862.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202008-12", "url": "https://security.gentoo.org/glsa/202008-12" + }, + { + "refsource": "UBUNTU", + "name": "USN-4471-1", + "url": "https://usn.ubuntu.com/4471-1/" } ] } diff --git a/2020/24xxx/CVE-2020-24554.json b/2020/24xxx/CVE-2020-24554.json index f0abe581c0e..2672b81b8b2 100644 --- a/2020/24xxx/CVE-2020-24554.json +++ b/2020/24xxx/CVE-2020-24554.json 
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-24554",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-24554",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities",
+ "refsource": "MISC",
+ "name": "https://portal.liferay.dev/learn/security/known-vulnerabilities"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956",
+ "url": "https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/119784956"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2238.json b/2020/2xxx/CVE-2020-2238.json
index 0062a698471..b7178d8fbe9 100644
--- a/2020/2xxx/CVE-2020-2238.json
+++ b/2020/2xxx/CVE-2020-2238.json
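Review bot: The new `affects` block for CVE-2020-24554 sets `vendor_name`, `product_name` and `version_value` to `n/a`, while the description names both the product and the fixed version ("Liferay Portal before 7.3.3"), so the affected range exists only as prose. Scanners and inventory tools that key on the structured fields cannot tie this record to a Liferay installation until it is enriched elsewhere; `"product_name": "Liferay Portal"` and `"version_value": "before 7.3.3"` would carry what the description already states, with the vendor presumably `Liferay`. `problemtype` is `n/a` as well; the description reads like unbounded resource consumption, but that classification is an inference and should come from the assigner.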
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2238",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2239.json b/2020/2xxx/CVE-2020-2239.json
index 435a4c823af..7ebf4ad47bd 100644
--- a/2020/2xxx/CVE-2020-2239.json
+++ b/2020/2xxx/CVE-2020-2239.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2239",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2240.json b/2020/2xxx/CVE-2020-2240.json
index e49970febff..613a4decbbf 100644
--- a/2020/2xxx/CVE-2020-2240.json
+++ b/2020/2xxx/CVE-2020-2240.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2240",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2241.json b/2020/2xxx/CVE-2020-2241.json
index 512e1dbaa73..b09629bd85a 100644
--- a/2020/2xxx/CVE-2020-2241.json
+++ b/2020/2xxx/CVE-2020-2241.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2241",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2242.json b/2020/2xxx/CVE-2020-2242.json
index b4c954f4fa2..ba2d44e3b5c 100644
--- a/2020/2xxx/CVE-2020-2242.json
+++ b/2020/2xxx/CVE-2020-2242.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2242",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2243.json b/2020/2xxx/CVE-2020-2243.json
index c72c2b56564..30e452472d3 100644
--- a/2020/2xxx/CVE-2020-2243.json
+++ b/2020/2xxx/CVE-2020-2243.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2243",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2244.json b/2020/2xxx/CVE-2020-2244.json
index 224a176c20a..af3e92da931 100644
--- a/2020/2xxx/CVE-2020-2244.json
+++ b/2020/2xxx/CVE-2020-2244.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2244",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2245.json b/2020/2xxx/CVE-2020-2245.json
index d2da354385e..d529cc49636 100644
--- a/2020/2xxx/CVE-2020-2245.json
+++ b/2020/2xxx/CVE-2020-2245.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2245",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2246.json b/2020/2xxx/CVE-2020-2246.json
index 94a520ace8f..5ec78199362 100644
--- a/2020/2xxx/CVE-2020-2246.json
+++ b/2020/2xxx/CVE-2020-2246.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2246",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2247.json b/2020/2xxx/CVE-2020-2247.json
index 8313e1172f3..e6e532e1e60 100644
--- a/2020/2xxx/CVE-2020-2247.json
+++ b/2020/2xxx/CVE-2020-2247.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2247",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2248.json b/2020/2xxx/CVE-2020-2248.json
index 4b1a4bf6358..c1881c13b39 100644
--- a/2020/2xxx/CVE-2020-2248.json
+++ b/2020/2xxx/CVE-2020-2248.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2248",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2249.json b/2020/2xxx/CVE-2020-2249.json
index 603374d747a..9b65ac3f8f5 100644
--- a/2020/2xxx/CVE-2020-2249.json
+++ b/2020/2xxx/CVE-2020-2249.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2249",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2250.json b/2020/2xxx/CVE-2020-2250.json
index e1d19febf3a..030f4161d56 100644
--- a/2020/2xxx/CVE-2020-2250.json
+++ b/2020/2xxx/CVE-2020-2250.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2250",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2251.json b/2020/2xxx/CVE-2020-2251.json
index 9102923252f..3044b1ccbf8 100644
--- a/2020/2xxx/CVE-2020-2251.json
+++ b/2020/2xxx/CVE-2020-2251.json
@@ -1,7 +1,8 @@
 {
 "CVE_data_meta": {
 "ID": "CVE-2020-2251",
- "ASSIGNER": "jenkinsci-cert@googlegroups.com"
+ "ASSIGNER": "jenkinsci-cert@googlegroups.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/6xxx/CVE-2020-6117.json b/2020/6xxx/CVE-2020-6117.json
index 10ccf2a59db..c2188e23420 100644
--- a/2020/6xxx/CVE-2020-6117.json
+++ b/2020/6xxx/CVE-2020-6117.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6117",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4ED\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bday parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6118.json b/2020/6xxx/CVE-2020-6118.json
index 341810d75d7..39860cb5226 100644
--- a/2020/6xxx/CVE-2020-6118.json
+++ b/2020/6xxx/CVE-2020-6118.json
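Review bot: `product_name` is `"OS4ED\""` in this record and in CVE-2020-6118, with a stray escaped quote inside the value, and CVE-2020-6122 carries the same artefact in its `problemtype` value, `"SQL injection\""`. The escape is valid JSON but the quote becomes part of the string, so exact-match lookups on product or weakness name will miss these three records; the values should read `"OS4Ed"` and `"SQL injection"`. Across the nine openSIS records the product is spelled both `OS4ED` and `OS4Ed`, the vendor is `n/a`, and `version_value` repeats the product name (`OS4Ed openSIS 7.3`), where vendor `OS4Ed`, product `openSIS` and version `7.3` would match what the descriptions say. The CVE-2020-6129 description is also missing a space in `injection.An attacker`.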
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6118",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4ED\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The bmonth parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6119.json b/2020/6xxx/CVE-2020-6119.json
index 6a2c30c875c..33854a1b82e 100644
--- a/2020/6xxx/CVE-2020-6119.json
+++ b/2020/6xxx/CVE-2020-6119.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6119",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4Ed",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The byear parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6120.json b/2020/6xxx/CVE-2020-6120.json
index f1688f15d3b..cf897fb989f 100644
--- a/2020/6xxx/CVE-2020-6120.json
+++ b/2020/6xxx/CVE-2020-6120.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6120",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4Ed",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The fn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6121.json b/2020/6xxx/CVE-2020-6121.json
index bdd170e7647..d94add87619 100644
--- a/2020/6xxx/CVE-2020-6121.json
+++ b/2020/6xxx/CVE-2020-6121.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6121",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4Ed",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerabilities exist in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The ln parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6122.json b/2020/6xxx/CVE-2020-6122.json
index e863c9a417d..96ab314b96f 100644
--- a/2020/6xxx/CVE-2020-6122.json
+++ b/2020/6xxx/CVE-2020-6122.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6122",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4Ed",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1072"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability exists in the CheckDuplicateStudent.php page of OS4Ed openSIS 7.3. The mn parameter in the page CheckDuplicateStudent.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6129.json b/2020/6xxx/CVE-2020-6129.json
index 95dabafeb5d..10338a9f84f 100644
--- a/2020/6xxx/CVE-2020-6129.json
+++ b/2020/6xxx/CVE-2020-6129.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6129",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4ED",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1076",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1076"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page CpSessionSet.php is vulnerable to SQL injection.An attacker can make an authenticated HTTP request to trigger these vulnerabilities."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6130.json b/2020/6xxx/CVE-2020-6130.json
index f8dc07ad0f0..bee106520a4 100644
--- a/2020/6xxx/CVE-2020-6130.json
+++ b/2020/6xxx/CVE-2020-6130.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6130",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4ED",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1076",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1076"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassDropSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities."
 }
 ]
 }
diff --git a/2020/6xxx/CVE-2020-6131.json b/2020/6xxx/CVE-2020-6131.json
index 6c0e0303cee..aae8f3efca7 100644
--- a/2020/6xxx/CVE-2020-6131.json
+++ b/2020/6xxx/CVE-2020-6131.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-6131",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "talos-cna@cisco.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OS4ED",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "OS4Ed openSIS 7.3"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1076",
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1076"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerabilities exist in the course_period_id parameters used in OS4Ed openSIS 7.3 pages. The course_period_id parameter in the page MassScheduleSessionSet.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities."
 }
 ]
 }
diff --git a/2020/7xxx/CVE-2020-7665.json b/2020/7xxx/CVE-2020-7665.json
index 501945f4b3d..30a2a295432 100644
--- a/2020/7xxx/CVE-2020-7665.json
+++ b/2020/7xxx/CVE-2020-7665.json
@@ -48,12 +48,14 @@
 "references": {
 "reference_data": [
 {
- "refsource": "CONFIRM",
- "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGUZIP-570441"
+ "refsource": "MISC",
+ "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGUZIP-570441",
+ "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGUZIP-570441"
 },
 {
- "refsource": "CONFIRM",
- "url": "https://github.com/u-root/u-root/pull/1817"
+ "refsource": "MISC",
+ "url": "https://github.com/u-root/u-root/pull/1817",
+ "name": "https://github.com/u-root/u-root/pull/1817"
 }
 ]
 },
@@ -61,7 +63,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "This affects all versions of package github.com/u-root/u-root/pkg/uzip.\n It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction.\r\n\r\n\r\n"
+ "value": "This affects all versions of package github.com/u-root/u-root/pkg/uzip. It is vulnerable to both leading and non-leading relative path traversal attacks in zip file extraction."
 }
 ]
 },
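Review bot: Both references in the first CVE-2020-7665 hunk change `refsource` from `CONFIRM` to `MISC`, and the second is the project's own pull request, `https://github.com/u-root/u-root/pull/1817`. If that pull request is the upstream fix, which the URL suggests but the hunk does not show, the relabel drops the one marker that the maintainers acknowledged the issue, and consumers that filter on `CONFIRM` to find vendor-acknowledged references will stop surfacing it. Keeping `"refsource": "CONFIRM"` on that entry while still adding the `name` field would preserve the signal. The description in the second hunk says "all versions" and gives no fixed version, so this reference looks like the only pointer to a remediation in the visible part of the record.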