diff --git a/2011/3xxx/CVE-2011-3595.json b/2011/3xxx/CVE-2011-3595.json
index 81b3e1c7392..89e0428eca5 100644
--- a/2011/3xxx/CVE-2011-3595.json
+++ b/2011/3xxx/CVE-2011-3595.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-3595",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Joomla!",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Joomla!",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "<= 1.7.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/10/04/7",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/10/04/7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability",
+ "url": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29",
+ "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29"
 }
 ]
 }
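Review bot: The added `"version_value": "<= 1.7.0"` in the first hunk of CVE-2011-3595.json folds the comparison operator into a free-text string, so feeds and tools that match on the structured version data cannot reliably derive the affected range. The record format has a separate operator field; prefer `"version_affected": "<="` next to `"version_value": "1.7.0"`. The same applies to `"version_value": "before 3.30"` in the first hunk of CVE-2011-3610.json. In both files the added `problemtype` value `"XSS"` would also aggregate better if it named the weakness class, e.g. `"CWE-79"`.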
diff --git a/2011/3xxx/CVE-2011-3610.json b/2011/3xxx/CVE-2011-3610.json
index dfd2c4ffb9f..2c2a68fecb6 100644
--- a/2011/3xxx/CVE-2011-3610.json
+++ b/2011/3xxx/CVE-2011-3610.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2011-3610",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Serendipity",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "serendipity freetag plugin",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "before 3.30"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +34,38 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.openwall.com/lists/oss-security/2011/10/10/3",
+ "refsource": "MISC",
+ "name": "https://www.openwall.com/lists/oss-security/2011/10/10/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html",
+ "url": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs",
+ "url": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs"
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13380.json b/2018/13xxx/CVE-2018-13380.json
index da010726c0b..ee7fb9181d6 100644
--- a/2018/13xxx/CVE-2018-13380.json
+++ b/2018/13xxx/CVE-2018-13380.json
@@ -71,7 +71,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters."
+ "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters."
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13383.json b/2018/13xxx/CVE-2018-13383.json
index 0d204691c6f..6b854e7ca24 100644
--- a/2018/13xxx/CVE-2018-13383.json
+++ b/2018/13xxx/CVE-2018-13383.json
@@ -70,7 +70,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."
+ "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.10, 5.4.0 to 5.4.12, 5.2.14 and below in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages."
 }
 ]
 }
diff --git a/2018/19xxx/CVE-2018-19442.json b/2018/19xxx/CVE-2018-19442.json
index ed19ea60a9c..7f5169fefc2 100644
--- a/2018/19xxx/CVE-2018-19442.json
+++ b/2018/19xxx/CVE-2018-19442.json
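Review bot: The CVE-2018-13380.json hunk extends the affected range only in the free-text `value` (adding `5.4.0 to 5.4.12, 5.2 and below`); the `affects` block sits above line 71, outside the hunk, so it is not visible whether its `version_data` was updated to match. If the structured entries still carry the earlier ranges, consumers that match on them will not flag the newly listed releases. The same applies to the CVE-2018-13383.json hunk, where `all versions below 6.0.5` became explicit ranges. In the 13380 text, `5.2 and below versions` also leaves the last affected 5.2.x release unstated, unlike `5.2.14 and below` in the 13383 text; a full version number would remove the ambiguity.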
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779",
 "url": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf",
+ "url": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1351.json b/2018/1xxx/CVE-2018-1351.json
index 93cf1ac38eb..ab863d09a11 100644
--- a/2018/1xxx/CVE-2018-1351.json
+++ b/2018/1xxx/CVE-2018-1351.json
@@ -35,7 +35,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log."
+ "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log."
 }
 ]
 },
diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json
index 2d488684fe7..ce8c6c279f7 100644
--- a/2020/7xxx/CVE-2020-7040.json
+++ b/2020/7xxx/CVE-2020-7040.json
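Review bot: The rewritten description in the CVE-2018-1351.json hunk drops the possessive apostrophe, turning `managed remote devices' CLI commands` into `managed remote devices CLI commands`; the apostrophe should stay. The new phrase `6.0.0, 5.6.6 and below versions` is also ambiguous about releases between 5.6.6 and 6.0.0, so explicit ranges in the style of the FortiOS entries in this commit (`6.0.0 to 6.0.4, 5.6.0 to 5.6.7`) would read more clearly. The `affects` block lies outside the hunk, so whether the structured version data reflects the added 5.6.x branch cannot be confirmed from here.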
@@ -71,6 +71,16 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200121 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock",
 "url": "http://www.openwall.com/lists/oss-security/2020/01/21/2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/22/2"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock",
+ "url": "http://www.openwall.com/lists/oss-security/2020/01/22/3"
 }
 ]
 }