"-Synchronized-Data."

2019/11xxx/CVE-2019-11358.json

@@ -351,6 +351,11 @@
                 "refsource": "MLIST",
                 "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
                 "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"
+            },
+            {
+                "refsource": "MLIST",
+                "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
+                "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"
             }
         ]
     }

2020/11xxx/CVE-2020-11531.json

@@ -61,6 +61,11 @@
                 "refsource": "MISC",
                 "name": "http://packetstormsecurity.com/files/157604/ManageEngine-DataSecurity-Plus-Path-Traversal-Code-Execution.html",
                 "url": "http://packetstormsecurity.com/files/157604/ManageEngine-DataSecurity-Plus-Path-Traversal-Code-Execution.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues",
+                "url": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues"
             }
         ]
     }

2020/11xxx/CVE-2020-11532.json

@@ -61,6 +61,11 @@
                 "refsource": "MISC",
                 "name": "http://packetstormsecurity.com/files/157609/ManageEngine-DataSecurity-Plus-Authentication-Bypass.html",
                 "url": "http://packetstormsecurity.com/files/157609/ManageEngine-DataSecurity-Plus-Authentication-Bypass.html"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues",
+                "url": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues"
             }
         ]
     }

2020/12xxx/CVE-2020-12102.json

@@ -61,6 +61,16 @@
                 "refsource": "MISC",
                 "name": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/",
                 "url": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06",
+                "url": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/prasathmani/tinyfilemanager/issues/357",
+                "url": "https://github.com/prasathmani/tinyfilemanager/issues/357"
             }
         ]
     }

2020/12xxx/CVE-2020-12103.json

@@ -61,6 +61,16 @@
                 "refsource": "MISC",
                 "name": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/",
                 "url": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06",
+                "url": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/prasathmani/tinyfilemanager/issues/357",
+                "url": "https://github.com/prasathmani/tinyfilemanager/issues/357"
             }
         ]
     }

2020/13xxx/CVE-2020-13091.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call."
+                "value": "** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner."
             }
         ]
     },
@@ -56,6 +56,11 @@
                 "url": "https://github.com/0FuzzingQ/vuln/blob/master/pandas%20unserialize.md",
                 "refsource": "MISC",
                 "name": "https://github.com/0FuzzingQ/vuln/blob/master/pandas%20unserialize.md"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_pickle.html",
+                "url": "https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_pickle.html"
             }
         ]
     }

2020/13xxx/CVE-2020-13092.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call."
+                "value": "** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner."
             }
         ]
     },
@@ -56,6 +56,11 @@
                 "url": "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md",
                 "refsource": "MISC",
                 "name": "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations",
+                "url": "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations"
             }
         ]
     }

2020/13xxx/CVE-2020-13129.json

@@ -34,7 +34,7 @@
         "description_data": [
             {
                 "lang": "eng",
-                "value": "An issue was discovered in the stashcat app through 3.9.1 for macOS. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs."
+                "value": "An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs."
             }
         ]
     },
@@ -58,9 +58,9 @@
                 "name": "https://www.jvanlaak.de/stashcat.html"
             },
             {
-                "url": "https://www.jvanlaak.de/stashcat_CWE_598_205017.pdf",
                 "refsource": "MISC",
-                "name": "https://www.jvanlaak.de/stashcat_CWE_598_205017.pdf"
+                "name": "https://www.jvanlaak.de/stashcat_CWE_598_200517.pdf",
+                "url": "https://www.jvanlaak.de/stashcat_CWE_598_200517.pdf"
             }
         ]
     }