diff --git a/2018/21xxx/CVE-2018-21233.json b/2018/21xxx/CVE-2018-21233.json
new file mode 100644
index 00000000000..9937c0c3e6b
--- /dev/null
+++ b/2018/21xxx/CVE-2018-21233.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-21233",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "TensorFlow before 1.7.0 has an integer overflow that causes an out-of-bounds read, possibly causing disclosure of the contents of process memory. This occurs in the DecodeBmp feature of the BMP decoder in core/kernels/decode_bmp_op.cc."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md",
+ "refsource": "MISC",
+ "name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md"
+ },
+ {
+ "url": "https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433",
+ "refsource": "MISC",
+ "name": "https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/7xxx/CVE-2018-7574.json b/2018/7xxx/CVE-2018-7574.json
index fb7dc921612..6c0e5d0796c 100644
--- a/2018/7xxx/CVE-2018-7574.json
+++ b/2018/7xxx/CVE-2018-7574.json
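Review bot: In CVE-2018-21233.json the structured fields are all placeholders: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are `"n/a"`, although the description on the same record names the product, the fixed version and the weakness (an integer overflow leading to an out-of-bounds read). Consumers that match on `affects` or `problemtype` instead of parsing free text will not associate this entry with TensorFlow. I would fill the fields from the description, e.g. `"product_name": "TensorFlow"`, `"version_value": "before 1.7.0"` and a problemtype such as `"CWE-190 Integer Overflow or Wraparound"`. The same applies to the newly published CVE-2020-10933, CVE-2020-12111, CVE-2020-12640 and CVE-2020-12641 records in this commit.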
@@ -1,61 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-7574",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-7574",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Google TensorFlow 1.6.x and earlier is affected by a Null Pointer Dereference vulnerability. The type of exploitation is: context-dependent."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "refsource": "CONFIRM",
- "name": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md",
- "url": "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7576, CVE-2018-21233. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2018-7576 and CVE-2018-21233 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16234.json b/2019/16xxx/CVE-2019-16234.json
index 6c85fb4bbb3..8ea282b5a87 100644
--- a/2019/16xxx/CVE-2019-16234.json
+++ b/2019/16xxx/CVE-2019-16234.json
@@ -76,6 +76,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4344-1",
 "url": "https://usn.ubuntu.com/4344-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2019/18xxx/CVE-2019-18348.json b/2019/18xxx/CVE-2019-18348.json
index 2f26869fb79..66a7cf17e09 100644
--- a/2019/18xxx/CVE-2019-18348.json
+++ b/2019/18xxx/CVE-2019-18348.json
@@ -86,6 +86,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4333-1",
 "url": "https://usn.ubuntu.com/4333-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4333-2",
+ "url": "https://usn.ubuntu.com/4333-2/"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19768.json b/2019/19xxx/CVE-2019-19768.json
index 01a6b084317..a7f0076683c 100644
--- a/2019/19xxx/CVE-2019-19768.json
+++ b/2019/19xxx/CVE-2019-19768.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4344-1",
 "url": "https://usn.ubuntu.com/4344-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10933.json b/2020/10xxx/CVE-2020-10933.json
index c74d419a4c8..c64a561c081 100644
--- a/2020/10xxx/CVE-2020-10933.json
+++ b/2020/10xxx/CVE-2020-10933.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-10933",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-10933",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/",
+ "url": "https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/"
 }
 ]
 }
diff --git a/2020/10xxx/CVE-2020-10942.json b/2020/10xxx/CVE-2020-10942.json
index d56cb73bcd6..e6e5a7ad813 100644
--- a/2020/10xxx/CVE-2020-10942.json
+++ b/2020/10xxx/CVE-2020-10942.json
@@ -91,6 +91,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4344-1",
 "url": "https://usn.ubuntu.com/4344-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11608.json b/2020/11xxx/CVE-2020-11608.json
index 83fdbacb903..f0bd0083379 100644
--- a/2020/11xxx/CVE-2020-11608.json
+++ b/2020/11xxx/CVE-2020-11608.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200430-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11609.json b/2020/11xxx/CVE-2020-11609.json
index 119da1525b9..4f176b1963e 100644
--- a/2020/11xxx/CVE-2020-11609.json
+++ b/2020/11xxx/CVE-2020-11609.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200430-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11668.json b/2020/11xxx/CVE-2020-11668.json
index fe47ac9e9f5..4c419b27c2e 100644
--- a/2020/11xxx/CVE-2020-11668.json
+++ b/2020/11xxx/CVE-2020-11668.json
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20200430-0004/",
 "url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11884.json b/2020/11xxx/CVE-2020-11884.json
index bd207ff29cf..df4b480b28d 100644
--- a/2020/11xxx/CVE-2020-11884.json
+++ b/2020/11xxx/CVE-2020-11884.json
@@ -81,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-b453269c4e",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TZBP2HINNAX7HKHCOUMIFVQPV6GWMCZ/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12111.json b/2020/12xxx/CVE-2020-12111.json
index 9580ac9443b..cfe2e73a454 100644
--- a/2020/12xxx/CVE-2020-12111.json
+++ b/2020/12xxx/CVE-2020-12111.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-12111",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-12111",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.tp-link.com/us/security",
+ "refsource": "MISC",
+ "name": "https://www.tp-link.com/us/security"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/fulldisclosure/2020/May/4",
+ "url": "https://seclists.org/fulldisclosure/2020/May/4"
 }
 ]
 }
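Review bot: The CVE-2020-12111 description gives a triager too little to act on: it says only that the listed NC260 and NC450 builds "allow Command Injection", without naming the affected interface, whether authentication is required, or a fixed firmware version. The first reference, `https://www.tp-link.com/us/security`, is a generic vendor landing page and not an advisory for this issue, so the Full Disclosure post is the only specific source on the record. I would extend the `value` with the precondition and fix status once they are confirmed, along the lines of `... allow Command Injection by <authenticated or unauthenticated> users via <component>; fixed in <firmware version>`, and swap the landing-page URL for the vendor's advisory for this ID when one exists.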
diff --git a/2020/12xxx/CVE-2020-12640.json b/2020/12xxx/CVE-2020-12640.json
new file mode 100644
index 00000000000..9b07095e098
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12640.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-12640",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4",
+ "refsource": "MISC",
+ "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4",
+ "refsource": "MISC",
+ "name": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"
+ },
+ {
+ "url": "https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10",
+ "refsource": "MISC",
+ "name": "https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10"
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794",
+ "refsource": "MISC",
+ "name": "https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794"
+ }
+ ]
+ }
+}
\ No newline at end of file
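Review bot: The affected range "before 1.4.4" in the CVE-2020-12640 description looks wider than the fix set the record itself cites: the roundcube.net reference is titled `security-updates-1.4.4-1.3.11-and-1.2.10`, which suggests the 1.3.x and 1.2.x branches received fixed releases as well. If that is the case, version matching on "before 1.4.4" will flag patched 1.3.11 and 1.2.10 installs as vulnerable. Provided the announcement confirms this issue was fixed on those branches, the description should read along the lines of `before 1.2.10, 1.3.x before 1.3.11, and 1.4.x before 1.4.4`. CVE-2020-12641.json cites the same announcement and uses the same wording.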
diff --git a/2020/12xxx/CVE-2020-12641.json b/2020/12xxx/CVE-2020-12641.json
new file mode 100644
index 00000000000..65b78222eb0
--- /dev/null
+++ b/2020/12xxx/CVE-2020-12641.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-12641",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4",
+ "refsource": "MISC",
+ "name": "https://github.com/roundcube/roundcubemail/releases/tag/1.4.4"
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4",
+ "refsource": "MISC",
+ "name": "https://github.com/roundcube/roundcubemail/compare/1.4.3...1.4.4"
+ },
+ {
+ "url": "https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10",
+ "refsource": "MISC",
+ "name": "https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10"
+ },
+ {
+ "url": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3",
+ "refsource": "MISC",
+ "name": "https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3"
+ }
+ ]
+ }
+}
\ No newline at end of file
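Review bot: The CVE-2020-12641 description does not say how `im_convert_path` or `im_identify_path` becomes attacker-controlled, and that precondition decides the severity: a setting only an administrator can write is a very different exposure from one a remote user can influence. As written, "allows attackers to execute arbitrary code via shell metacharacters in a configuration setting" can be read either way. I would add a clause stating who is able to set the value, taken from the referenced commit or the 1.4.4 announcement. Separately, this new file ends without a trailing newline (`\ No newline at end of file`), as do CVE-2018-21233.json and CVE-2020-12640.json.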
diff --git a/2020/3xxx/CVE-2020-3899.json b/2020/3xxx/CVE-2020-3899.json
index 01a2605be67..41c1e38940b 100644
--- a/2020/3xxx/CVE-2020-3899.json
+++ b/2020/3xxx/CVE-2020-3899.json
@@ -154,6 +154,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2020-7f34d2cfd8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPGNJ7JQCD6IE2SCSFAIMSUY5XHOYWKE/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4347-1",
+ "url": "https://usn.ubuntu.com/4347-1/"
 }
 ]
 },
diff --git a/2020/8xxx/CVE-2020-8492.json b/2020/8xxx/CVE-2020-8492.json
index 1ba1cd2b059..34dd365707f 100644
--- a/2020/8xxx/CVE-2020-8492.json
+++ b/2020/8xxx/CVE-2020-8492.json
@@ -81,6 +81,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4333-1",
 "url": "https://usn.ubuntu.com/4333-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4333-2",
+ "url": "https://usn.ubuntu.com/4333-2/"
 }
 ]
 }
diff --git a/2020/8xxx/CVE-2020-8648.json b/2020/8xxx/CVE-2020-8648.json
index d142f175208..785934b261b 100644
--- a/2020/8xxx/CVE-2020-8648.json
+++ b/2020/8xxx/CVE-2020-8648.json
@@ -66,6 +66,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4344-1",
 "url": "https://usn.ubuntu.com/4344-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }
diff --git a/2020/9xxx/CVE-2020-9383.json b/2020/9xxx/CVE-2020-9383.json
index 192e79dd0fa..7065d62c4be 100644
--- a/2020/9xxx/CVE-2020-9383.json
+++ b/2020/9xxx/CVE-2020-9383.json
@@ -71,6 +71,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4344-1",
 "url": "https://usn.ubuntu.com/4344-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4345-1",
+ "url": "https://usn.ubuntu.com/4345-1/"
 }
 ]
 }