diff --git a/2019/19xxx/CVE-2019-19854.json b/2019/19xxx/CVE-2019-19854.json
index 67cdfe2d11f..4e73e759616 100644
--- a/2019/19xxx/CVE-2019-19854.json
+++ b/2019/19xxx/CVE-2019-19854.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19854",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19854",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges from User level to Administrator."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://websec.nl/news.php",
+ "url": "https://websec.nl/news.php"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19855.json b/2019/19xxx/CVE-2019-19855.json
index 0af738af336..a34045454f0 100644
--- a/2019/19xxx/CVE-2019-19855.json
+++ b/2019/19xxx/CVE-2019-19855.json
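Review bot: The added `affects` block in CVE-2019-19854.json sets `product_name`, `version_value` and `vendor_name` to `"n/a"` although the description names Serpico 1.3.0, so tooling that matches on the structured fields will not associate this record with the product. The description already supports `"product_name": "Serpico"` and `"version_value": "1.3.0"`. `problemtype` is likewise `"n/a"` where the text describes missing CSRF tokens; a CWE-352 entry would make the record filterable by weakness class. The hunks for CVE-2019-19855 through CVE-2019-19859 carry the same placeholders, and the stored-XSS records among them would map to CWE-79.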
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19855",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19855",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://websec.nl/news.php",
+ "url": "https://websec.nl/news.php"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182",
+ "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19856.json b/2019/19xxx/CVE-2019-19856.json
index ca118ab9f2d..fe633d55218 100644
--- a/2019/19xxx/CVE-2019-19856.json
+++ b/2019/19xxx/CVE-2019-19856.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19856",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19856",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://websec.nl/news.php",
+ "url": "https://websec.nl/news.php"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182",
+ "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19857.json b/2019/19xxx/CVE-2019-19857.json
index 6b96ff704c4..5ae6c805f4f 100644
--- a/2019/19xxx/CVE-2019-19857.json
+++ b/2019/19xxx/CVE-2019-19857.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19857",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19857",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://websec.nl/news.php",
+ "url": "https://websec.nl/news.php"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19858.json b/2019/19xxx/CVE-2019-19858.json
index 718d4460c71..92b26e6521e 100644
--- a/2019/19xxx/CVE-2019-19858.json
+++ b/2019/19xxx/CVE-2019-19858.json
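Review bot: The only reference added in CVE-2019-19857.json is `https://websec.nl/news.php`, which reads like a news index rather than a permalink to the advisory, and unlike CVE-2019-19855, CVE-2019-19856 and CVE-2019-19858 there is no CONFIRM entry pointing at an upstream fix. As written, the record does not tell a reader whether the password-change behaviour is corrected in any release, or which interfaces outside the Change Password screen are meant. A stable advisory URL, plus a CONFIRM reference if a fix exists, would let defenders decide whether upgrading is enough. CVE-2019-19854 and CVE-2019-19859 have the same single-reference shape.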
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19858",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19858",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://websec.nl/news.php",
+ "url": "https://websec.nl/news.php"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182",
+ "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19859.json b/2019/19xxx/CVE-2019-19859.json
index 37484f548e5..4263d0b55f0 100644
--- a/2019/19xxx/CVE-2019-19859.json
+++ b/2019/19xxx/CVE-2019-19859.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-19859",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-19859",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.websec.nl/news.php",
+ "url": "https://www.websec.nl/news.php"
 }
 ]
 }
diff --git a/2019/3xxx/CVE-2019-3467.json b/2019/3xxx/CVE-2019-3467.json
index 67c245c4b68..ae3b2cfdb62 100644
--- a/2019/3xxx/CVE-2019-3467.json
+++ b/2019/3xxx/CVE-2019-3467.json
@@ -83,6 +83,11 @@
 "refsource": "BUGTRAQ",
 "name": "20191229 [SECURITY] [DSA 4595-1] debian-lan-config security update",
 "url": "https://seclists.org/bugtraq/2019/Dec/44"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2063-1] debian-lan-config security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html"
 }
 ]
 },
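Review bot: In CVE-2019-19859.json the reference host is `https://www.websec.nl/news.php`, while the other five Serpico records in this commit use `https://websec.nl/news.php`, so consumers that group or deduplicate references by URL will treat them as different sources. Using one form of the host in both `name` and `url` across all six records keeps them aligned. The description also says Add Collaborator "allows unlimited data via the author parameter" without stating the consequence, which leaves severity assessment to guesswork. A clause naming the impact (for example resource exhaustion or storage of unvalidated values, whichever the reporter observed) would make the record actionable.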
diff --git a/2020/5xxx/CVE-2020-5504.json b/2020/5xxx/CVE-2020-5504.json
index 904c4467cfa..f4a028a29d1 100644
--- a/2020/5xxx/CVE-2020-5504.json
+++ b/2020/5xxx/CVE-2020-5504.json
@@ -61,6 +61,11 @@
 "refsource": "SUSE",
 "name": "openSUSE-SU-2020:0056",
 "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html"
 }
 ]
 }