"-Synchronized-Data."

2025-05-06 18:53:08 +00:00 · 2020-01-22 16:01:08 +00:00 · 2020-01-22 16:01:08 +00:00 · 2d6c1e3acd
commit 2d6c1e3acd
parent eb87ddfbbc
7 changed files with 132 additions and 9 deletions
--- a/2011/3xxx/CVE-2011-3595.json
+++ b/2011/3xxx/CVE-2011-3595.json
@ -1,8 +1,31 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-3595",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Joomla!",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Joomla!",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "<= 1.7.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,7 +34,38 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "XSS"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.openwall.com/lists/oss-security/2011/10/04/7",
+                "refsource": "MISC",
+                "name": "https://www.openwall.com/lists/oss-security/2011/10/04/7"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability",
+                "url": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability"
+            },
+            {
+                "refsource": "MISC",
+                "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29",
+                "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29"
            }
        ]
    }
--- a/2011/3xxx/CVE-2011-3610.json
+++ b/2011/3xxx/CVE-2011-3610.json
@ -1,8 +1,31 @@
 {
    "CVE_data_meta": {
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2011-3610",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Serendipity",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "serendipity freetag plugin",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "before 3.30"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
@ -11,7 +34,38 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf."
+            }
+        ]
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "XSS"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://www.openwall.com/lists/oss-security/2011/10/10/3",
+                "refsource": "MISC",
+                "name": "https://www.openwall.com/lists/oss-security/2011/10/10/3"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html",
+                "url": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs",
+                "url": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs"
            }
        ]
    }
--- a/2018/13xxx/CVE-2018-13380.json
+++ b/2018/13xxx/CVE-2018-13380.json
@ -71,7 +71,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters."
+                "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters."
            }
        ]
    }
--- a/2018/13xxx/CVE-2018-13383.json
+++ b/2018/13xxx/CVE-2018-13383.json
@ -70,7 +70,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."
+                "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.10, 5.4.0 to 5.4.12, 5.2.14 and below in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."
            }
        ]
    }
--- a/2018/19xxx/CVE-2018-19442.json
+++ b/2018/19xxx/CVE-2018-19442.json
@ -56,6 +56,11 @@
                "refsource": "MISC",
                "name": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779",
                "url": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf",
+                "url": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf"
            }
        ]
    }
--- a/2018/1xxx/CVE-2018-1351.json
+++ b/2018/1xxx/CVE-2018-1351.json
@ -35,7 +35,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log."
+                "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log."
            }
        ]
    },
--- a/2020/7xxx/CVE-2020-7040.json
+++ b/2020/7xxx/CVE-2020-7040.json
@ -71,6 +71,16 @@
                "refsource": "MLIST",
                "name": "[oss-security] 20200121 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock",
                "url": "http://www.openwall.com/lists/oss-security/2020/01/21/2"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock",
+                "url": "http://www.openwall.com/lists/oss-security/2020/01/22/2"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock",
+                "url": "http://www.openwall.com/lists/oss-security/2020/01/22/3"
            }
        ]
    }