diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json
index 07170a9af97..e0a23e4d60f 100644
--- a/2019/11xxx/CVE-2019-11358.json
+++ b/2019/11xxx/CVE-2019-11358.json
@@ -351,6 +351,11 @@
 "refsource": "MLIST",
 "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
 "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73@%3Cissues.flink.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
+ "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08@%3Cissues.flink.apache.org%3E"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11531.json b/2020/11xxx/CVE-2020-11531.json
index 9b172b945e5..fc25689c85b 100644
--- a/2020/11xxx/CVE-2020-11531.json
+++ b/2020/11xxx/CVE-2020-11531.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157604/ManageEngine-DataSecurity-Plus-Path-Traversal-Code-Execution.html",
 "url": "http://packetstormsecurity.com/files/157604/ManageEngine-DataSecurity-Plus-Path-Traversal-Code-Execution.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues",
+ "url": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues"
 }
 ]
 }
diff --git a/2020/11xxx/CVE-2020-11532.json b/2020/11xxx/CVE-2020-11532.json
index 02b267a07b7..6273cd79a7f 100644
--- a/2020/11xxx/CVE-2020-11532.json
+++ b/2020/11xxx/CVE-2020-11532.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157609/ManageEngine-DataSecurity-Plus-Authentication-Bypass.html",
 "url": "http://packetstormsecurity.com/files/157609/ManageEngine-DataSecurity-Plus-Authentication-Bypass.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues",
+ "url": "https://pitstop.manageengine.com/portal/community/topic/upgrade-datasecurity-plus-to-the-build-6013-to-fix-security-issues"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12102.json b/2020/12xxx/CVE-2020-12102.json
index 11961e92f2f..9e6e0b18388 100644
--- a/2020/12xxx/CVE-2020-12102.json
+++ b/2020/12xxx/CVE-2020-12102.json
@@ -61,6 +61,16 @@
 "refsource": "MISC",
 "name": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/",
 "url": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06",
+ "url": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/prasathmani/tinyfilemanager/issues/357",
+ "url": "https://github.com/prasathmani/tinyfilemanager/issues/357"
 }
 ]
 }
diff --git a/2020/12xxx/CVE-2020-12103.json b/2020/12xxx/CVE-2020-12103.json
index 27e560c5eab..a2a955281ce 100644
--- a/2020/12xxx/CVE-2020-12103.json
+++ b/2020/12xxx/CVE-2020-12103.json
@@ -61,6 +61,16 @@
 "refsource": "MISC",
 "name": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/",
 "url": "https://www.quantumleap.it/tiny-file-manager-path-traversal-recursive-directory-listing-and-absolute-path-file-backup-copy/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06",
+ "url": "https://github.com/prasathmani/tinyfilemanager/commit/a0c595a8e11e55a43eeaa68e1a3ce76365f29d06"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/prasathmani/tinyfilemanager/issues/357",
+ "url": "https://github.com/prasathmani/tinyfilemanager/issues/357"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13091.json b/2020/13xxx/CVE-2020-13091.json
index 1a66369a2bd..dd6b45114b6 100644
--- a/2020/13xxx/CVE-2020-13091.json
+++ b/2020/13xxx/CVE-2020-13091.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call."
+ "value": "** DISPUTED ** pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the read_pickle() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner."
 }
 ]
 },
@@ -56,6 +56,11 @@
 "url": "https://github.com/0FuzzingQ/vuln/blob/master/pandas%20unserialize.md",
 "refsource": "MISC",
 "name": "https://github.com/0FuzzingQ/vuln/blob/master/pandas%20unserialize.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_pickle.html",
+ "url": "https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_pickle.html"
 }
 ]
 }
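Review bot: The reference object added to CVE-2020-13091 is keyed in the order `refsource, name, url`, while the existing entry shown in the context lines of the same array uses `url, refsource, name`. JSON key order carries no meaning, so this is a style point rather than a defect, but a mixed order within one references array makes entries harder to compare by eye and invites later reorder-only churn — the CVE-2020-13129 hunk in this same commit shows exactly that, where a two-character filename correction (`205017` to `200517`) is expressed as deleting `url` and re-adding it below `name`. The same mixed order appears in the CVE-2020-13092 hunk. If these entries are emitted by tooling rather than edited by hand, the order is presumably fixed by the generator and can be left as is.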
diff --git a/2020/13xxx/CVE-2020-13092.json b/2020/13xxx/CVE-2020-13092.json
index 1a783d28566..29f77706e76 100644
--- a/2020/13xxx/CVE-2020-13092.json
+++ b/2020/13xxx/CVE-2020-13092.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call."
+ "value": "** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. NOTE: third parties dispute this issue because the joblib.load() function is documented as unsafe and it is the user's responsibility to use the function in a secure manner."
 }
 ]
 },
@@ -56,6 +56,11 @@
 "url": "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md",
 "refsource": "MISC",
 "name": "https://github.com/0FuzzingQ/vuln/blob/master/sklearn%20unserialize.md"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations",
+ "url": "https://scikit-learn.org/stable/modules/model_persistence.html#security-maintainability-limitations"
 }
 ]
 }
diff --git a/2020/13xxx/CVE-2020-13129.json b/2020/13xxx/CVE-2020-13129.json
index 7e1bbd14c4e..6ce927de0d7 100644
--- a/2020/13xxx/CVE-2020-13129.json
+++ b/2020/13xxx/CVE-2020-13129.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in the stashcat app through 3.9.1 for macOS. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs."
+ "value": "An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs."
 }
 ]
 },
@@ -58,9 +58,9 @@
 "name": "https://www.jvanlaak.de/stashcat.html"
 },
 {
- "url": "https://www.jvanlaak.de/stashcat_CWE_598_205017.pdf",
 "refsource": "MISC",
- "name": "https://www.jvanlaak.de/stashcat_CWE_598_205017.pdf"
+ "name": "https://www.jvanlaak.de/stashcat_CWE_598_200517.pdf",
+ "url": "https://www.jvanlaak.de/stashcat_CWE_598_200517.pdf"
 }
 ]
 }