diff --git a/2019/17xxx/CVE-2019-17006.json b/2019/17xxx/CVE-2019-17006.json index 16901e2fab0..cb105b968a9 100644 --- a/2019/17xxx/CVE-2019-17006.json +++ b/2019/17xxx/CVE-2019-17006.json @@ -54,6 +54,11 @@ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788", "refsource": "MISC", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1539788" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0001/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0001/" } ] }, diff --git a/2019/19xxx/CVE-2019-19462.json b/2019/19xxx/CVE-2019-19462.json index e0bc0faf9f1..dab9659d024 100644 --- a/2019/19xxx/CVE-2019-19462.json +++ b/2019/19xxx/CVE-2019-19462.json @@ -121,6 +121,11 @@ "refsource": "UBUNTU", "name": "USN-4440-1", "url": "https://usn.ubuntu.com/4440-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0004/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0004/" } ] } diff --git a/2020/10xxx/CVE-2020-10663.json b/2020/10xxx/CVE-2020-10663.json index eae502de68d..406f1a89ff4 100644 --- a/2020/10xxx/CVE-2020-10663.json +++ b/2020/10xxx/CVE-2020-10663.json @@ -131,6 +131,11 @@ "refsource": "MLIST", "name": "[zookeeper-issues] 20210106 [jira] [Updated] (ZOOKEEPER-3933) owasp failing with json-simple-1.1.1.jar: CVE-2020-10663, CVE-2020-7712", "url": "https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0003/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0003/" } ] } diff --git a/2020/10xxx/CVE-2020-10732.json b/2020/10xxx/CVE-2020-10732.json index ee21d2deb9f..e61bebd8331 100644 --- a/2020/10xxx/CVE-2020-10732.json +++ b/2020/10xxx/CVE-2020-10732.json @@ -108,6 +108,11 @@ "refsource": "UBUNTU", "name": "USN-4485-1", "url": "https://usn.ubuntu.com/4485-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0005/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0005/" } ] }, diff --git a/2020/11xxx/CVE-2020-11724.json b/2020/11xxx/CVE-2020-11724.json index 8de8116b70a..b43c039468d 100644 --- a/2020/11xxx/CVE-2020-11724.json +++ b/2020/11xxx/CVE-2020-11724.json @@ -71,6 +71,11 @@ "refsource": "DEBIAN", "name": "DSA-4750", "url": "https://www.debian.org/security/2020/dsa-4750" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0002/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0002/" } ] } diff --git a/2020/28xxx/CVE-2020-28401.json b/2020/28xxx/CVE-2020-28401.json index b9a60e7b5aa..ee20ae7cbcf 100644 --- a/2020/28xxx/CVE-2020-28401.json +++ b/2020/28xxx/CVE-2020-28401.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28401", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28401", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.starpracticemanagement.com/", + "refsource": "MISC", + "name": "https://www.starpracticemanagement.com/" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28401", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28401" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28402.json b/2020/28xxx/CVE-2020-28402.json index 509e20c08af..632d47ffa1b 100644 --- a/2020/28xxx/CVE-2020-28402.json +++ b/2020/28xxx/CVE-2020-28402.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28402", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28402", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access Launcher Configuration Panel." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.starpracticemanagement.com/", + "refsource": "MISC", + "name": "https://www.starpracticemanagement.com/" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28402", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28402" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:L/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28403.json b/2020/28xxx/CVE-2020-28403.json index afcd17f2709..c55d7568e99 100644 --- a/2020/28xxx/CVE-2020-28403.json +++ b/2020/28xxx/CVE-2020-28403.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28403", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28403", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an attacker to change the privileges of any user of the application. This can be used to grant himself administrative role or remove the administrative account of the application." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.starpracticemanagement.com/", + "refsource": "MISC", + "name": "https://www.starpracticemanagement.com/" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28403" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:R", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28404.json b/2020/28xxx/CVE-2020-28404.json index 515692a2d9f..9c4df40298f 100644 --- a/2020/28xxx/CVE-2020-28404.json +++ b/2020/28xxx/CVE-2020-28404.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28404", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28404", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.starpracticemanagement.com/", + "refsource": "MISC", + "name": "https://www.starpracticemanagement.com/" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28404", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28404" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28405.json b/2020/28xxx/CVE-2020-28405.json index ea9c9a82c47..1dadddd61bd 100644 --- a/2020/28xxx/CVE-2020-28405.json +++ b/2020/28xxx/CVE-2020-28405.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28405", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28405", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to change the privileges of any user of the application. This can be used to grant himself the administrative role or remove all administrative accounts of the application." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.starpracticemanagement.com/", + "refsource": "MISC", + "name": "https://www.starpracticemanagement.com/" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28405", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28405" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/28xxx/CVE-2020-28406.json b/2020/28xxx/CVE-2020-28406.json index 7a29d688a52..d45d3026ae2 100644 --- a/2020/28xxx/CVE-2020-28406.json +++ b/2020/28xxx/CVE-2020-28406.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-28406", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-28406", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.starpracticemanagement.com/", + "refsource": "MISC", + "name": "https://www.starpracticemanagement.com/" + }, + { + "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28406", + "refsource": "MISC", + "name": "https://excellium-services.com/cert-xlm-advisory/CVE-2020-28406" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29004.json b/2020/29xxx/CVE-2020-29004.json index a251b2eb662..9dd95fd1db7 100644 --- a/2020/29xxx/CVE-2020-29004.json +++ b/2020/29xxx/CVE-2020-29004.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29004", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29004", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T262724", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T262724" + }, + { + "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988", + "refsource": "MISC", + "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988" + }, + { + "refsource": "CONFIRM", + "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php", + "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988/10/src/api/ApiPushBase.php" } ] } diff --git a/2020/29xxx/CVE-2020-29005.json b/2020/29xxx/CVE-2020-29005.json index 2fc0a08b7cf..5d065f1cf86 100644 --- a/2020/29xxx/CVE-2020-29005.json +++ b/2020/29xxx/CVE-2020-29005.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29005", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29005", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://phabricator.wikimedia.org/T262724", + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T262724" + }, + { + "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988", + "refsource": "MISC", + "name": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Push/+/625988" } ] } diff --git a/2020/29xxx/CVE-2020-29509.json b/2020/29xxx/CVE-2020-29509.json index 2c3aa850d7b..f11f7fb3ec1 100644 --- a/2020/29xxx/CVE-2020-29509.json +++ b/2020/29xxx/CVE-2020-29509.json @@ -76,6 +76,11 @@ "refsource": "MISC", "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md", "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0006/" } ] }, diff --git a/2020/29xxx/CVE-2020-29510.json b/2020/29xxx/CVE-2020-29510.json index 62eb6b67a01..2ce59f158fa 100644 --- a/2020/29xxx/CVE-2020-29510.json +++ b/2020/29xxx/CVE-2020-29510.json @@ -77,6 +77,11 @@ "refsource": "MISC", "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md", "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0006/" } ] }, diff --git a/2020/29xxx/CVE-2020-29511.json b/2020/29xxx/CVE-2020-29511.json index 58e7e2b7d29..eca8fc190c7 100644 --- a/2020/29xxx/CVE-2020-29511.json +++ b/2020/29xxx/CVE-2020-29511.json @@ -76,6 +76,11 @@ "refsource": "MISC", "url": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md", "name": "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0006/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0006/" } ] }, diff --git a/2020/29xxx/CVE-2020-29535.json b/2020/29xxx/CVE-2020-29535.json index 30e498a2e45..460eda257bc 100644 --- a/2020/29xxx/CVE-2020-29535.json +++ b/2020/29xxx/CVE-2020-29535.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29535", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29535", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy", + "refsource": "MISC", + "name": "https://www.rsa.com/en-us/company/vulnerability-response-policy" + }, + { + "refsource": "CONFIRM", + "name": "https://community.rsa.com/docs/DOC-115223", + "url": "https://community.rsa.com/docs/DOC-115223" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:H/AV:N/A:N/C:H/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29536.json b/2020/29xxx/CVE-2020-29536.json index f9240c783f1..71bcdd19cdc 100644 --- a/2020/29xxx/CVE-2020-29536.json +++ b/2020/29xxx/CVE-2020-29536.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29536", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29536", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated malicious attacker with access to service files may obtain sensitive information to use it in further attacks." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy", + "refsource": "MISC", + "name": "https://www.rsa.com/en-us/company/vulnerability-response-policy" + }, + { + "refsource": "CONFIRM", + "name": "https://community.rsa.com/docs/DOC-115223", + "url": "https://community.rsa.com/docs/DOC-115223" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:N/PR:L/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29537.json b/2020/29xxx/CVE-2020-29537.json index 51db26ccbbd..fd899f15e60 100644 --- a/2020/29xxx/CVE-2020-29537.json +++ b/2020/29xxx/CVE-2020-29537.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29537", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29537", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged attacker may potentially redirect legitimate users to arbitrary web sites and conduct phishing attacks. The attacker could then steal the victims' credentials and silently authenticate them to the Archer application without the victims realizing an attack occurred." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy", + "refsource": "MISC", + "name": "https://www.rsa.com/en-us/company/vulnerability-response-policy" + }, + { + "refsource": "CONFIRM", + "name": "https://community.rsa.com/docs/DOC-115223", + "url": "https://community.rsa.com/docs/DOC-115223" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:U/UI:R", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29538.json b/2020/29xxx/CVE-2020-29538.json index 2190a9e25aa..66db76560ea 100644 --- a/2020/29xxx/CVE-2020-29538.json +++ b/2020/29xxx/CVE-2020-29538.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29538", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29538", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote authenticated malicious administrative user can potentially exploit this vulnerability to gather information about the system, and may use this information in subsequent attacks." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.rsa.com/en-us/company/vulnerability-response-policy", + "refsource": "MISC", + "name": "https://www.rsa.com/en-us/company/vulnerability-response-policy" + }, + { + "refsource": "CONFIRM", + "name": "https://community.rsa.com/docs/DOC-115223", + "url": "https://community.rsa.com/docs/DOC-115223" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:N/I:H/PR:H/S:U/UI:N", + "version": "3.1" + } } } \ No newline at end of file diff --git a/2020/29xxx/CVE-2020-29603.json b/2020/29xxx/CVE-2020-29603.json index a1772eb03d2..db8d0b450a5 100644 --- a/2020/29xxx/CVE-2020-29603.json +++ b/2020/29xxx/CVE-2020-29603.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29603", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29603", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://mantisbt.org/bugs/view.php?id=27726", + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=27726" + }, + { + "url": "https://mantisbt.org/bugs/view.php?id=27357", + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=27357" } ] } diff --git a/2020/29xxx/CVE-2020-29604.json b/2020/29xxx/CVE-2020-29604.json index 1cdf58c895a..5fe24cb6ac9 100644 --- a/2020/29xxx/CVE-2020-29604.json +++ b/2020/29xxx/CVE-2020-29604.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29604", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29604", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php allows an attacker (with rights to create new issues) to use the COPY group action to create a clone, including all bugnotes and attachments, of any private issue (i.e., one having Private view status, or belonging to a private Project) via the bug_arr[] parameter. This provides full access to potentially confidential information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://mantisbt.org/bugs/view.php?id=27357", + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=27357" + }, + { + "url": "https://mantisbt.org/bugs/view.php?id=27728", + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=27728" } ] } diff --git a/2020/29xxx/CVE-2020-29605.json b/2020/29xxx/CVE-2020-29605.json index cf686a29d93..8338872dcd8 100644 --- a/2020/29xxx/CVE-2020-29605.json +++ b/2020/29xxx/CVE-2020-29605.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-29605", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-29605", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can get access to the Summary fields of private Issues via bug_arr[]= in a crafted bug_actiongroup_page.php URL. (The target Issues can have Private view status, or belong to a private Project.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://mantisbt.org/bugs/view.php?id=27357", + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=27357" + }, + { + "url": "https://mantisbt.org/bugs/view.php?id=27727", + "refsource": "MISC", + "name": "https://mantisbt.org/bugs/view.php?id=27727" } ] } diff --git a/2020/35xxx/CVE-2020-35145.json b/2020/35xxx/CVE-2020-35145.json index cf815f5ec63..957b1e9c4a4 100644 --- a/2020/35xxx/CVE-2020-35145.json +++ b/2020/35xxx/CVE-2020-35145.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35145", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35145", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.acronis.com/en-us/products/true-image/", + "refsource": "MISC", + "name": "https://www.acronis.com/en-us/products/true-image/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246", + "url": "https://www.acronis.com/en-us/support/updates/changes.html?p=42246" } ] } diff --git a/2020/35xxx/CVE-2020-35448.json b/2020/35xxx/CVE-2020-35448.json index b6d9639f8d6..e46f2682b31 100644 --- a/2020/35xxx/CVE-2020-35448.json +++ b/2020/35xxx/CVE-2020-35448.json @@ -61,6 +61,11 @@ "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8642dafaef21aa6747cec01df1977e9c52eb4679", "refsource": "MISC", "name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8642dafaef21aa6747cec01df1977e9c52eb4679" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0008/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0008/" } ] } diff --git a/2020/35xxx/CVE-2020-35547.json b/2020/35xxx/CVE-2020-35547.json index a7869095073..8805bcaffc1 100644 --- a/2020/35xxx/CVE-2020-35547.json +++ b/2020/35xxx/CVE-2020-35547.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-35547", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-35547", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "refsource": "MISC", + "name": "https://www.mitel.com/support/security-advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0016", + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-20-0016" } ] } diff --git a/2020/35xxx/CVE-2020-35728.json b/2020/35xxx/CVE-2020-35728.json index adbe371a9a8..debf24df436 100644 --- a/2020/35xxx/CVE-2020-35728.json +++ b/2020/35xxx/CVE-2020-35728.json @@ -61,6 +61,11 @@ "url": "https://github.com/FasterXML/jackson-databind/issues/2999", "refsource": "MISC", "name": "https://github.com/FasterXML/jackson-databind/issues/2999" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0007/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0007/" } ] } diff --git a/2020/4xxx/CVE-2020-4642.json b/2020/4xxx/CVE-2020-4642.json index 7d5e18b17ba..aef418493f9 100644 --- a/2020/4xxx/CVE-2020-4642.json +++ b/2020/4xxx/CVE-2020-4642.json @@ -1,102 +1,107 @@ { - "data_version" : "4.0", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-12-22T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2020-4642" - }, - "data_format" : "MITRE", - "description" : { - "description_data" : [ - { - "value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\".", - "lang" : "eng" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Denial of Service", - "lang" : "eng" - } - ] - } - ] - }, - "impact" : { - "cvssv3" : { - "TM" : { - "RC" : "C", - "E" : "U", - "RL" : "O" - }, - "BM" : { - "S" : "U", - "C" : "N", - "UI" : "N", - "PR" : "N", - "SCORE" : "6.200", - "I" : "N", - "AV" : "L", - "AC" : "L", - "A" : "H" - } - } - }, - "affects" : { - "vendor" : { - "vendor_data" : [ + "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-12-22T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2020-4642" + }, + "data_format": "MITRE", + "description": { + "description_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "DB2 for Linux- UNIX and Windows", - "version" : { - "version_data" : [ - { - "version_value" : "9.7" - }, - { - "version_value" : "10.1" - }, - { - "version_value" : "10.5" - }, - { - "version_value" : "11.1" - }, - { - "version_value" : "11.5" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the \"DB2 Management Service\".", + "lang": "eng" } - ] - } - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/6391652", - "url" : "https://www.ibm.com/support/pages/node/6391652", - "title" : "IBM Security Bulletin 6391652 (DB2 for Linux- UNIX and Windows)", - "refsource" : "CONFIRM" - }, - { - "name" : "ibm-db2-cve20204642-dos (185589)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589", - "title" : "X-Force Vulnerability Report" - } - ] - } -} + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Denial of Service", + "lang": "eng" + } + ] + } + ] + }, + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "E": "U", + "RL": "O" + }, + "BM": { + "S": "U", + "C": "N", + "UI": "N", + "PR": "N", + "SCORE": "6.200", + "I": "N", + "AV": "L", + "AC": "L", + "A": "H" + } + } + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DB2 for Linux- UNIX and Windows", + "version": { + "version_data": [ + { + "version_value": "9.7" + }, + { + "version_value": "10.1" + }, + { + "version_value": "10.5" + }, + { + "version_value": "11.1" + }, + { + "version_value": "11.5" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/6391652", + "url": "https://www.ibm.com/support/pages/node/6391652", + "title": "IBM Security Bulletin 6391652 (DB2 for Linux- UNIX and Windows)", + "refsource": "CONFIRM" + }, + { + "name": "ibm-db2-cve20204642-dos (185589)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/185589", + "title": "X-Force Vulnerability Report" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0009/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0009/" + } + ] + } +} \ No newline at end of file diff --git a/2021/23xxx/CVE-2021-23239.json b/2021/23xxx/CVE-2021-23239.json index 1293d868185..5938b8e0799 100644 --- a/2021/23xxx/CVE-2021-23239.json +++ b/2021/23xxx/CVE-2021-23239.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202101-33", "url": "https://security.gentoo.org/glsa/202101-33" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0010/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0010/" } ] } diff --git a/2021/23xxx/CVE-2021-23240.json b/2021/23xxx/CVE-2021-23240.json index 08b25a620aa..3071ddb28eb 100644 --- a/2021/23xxx/CVE-2021-23240.json +++ b/2021/23xxx/CVE-2021-23240.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-202101-33", "url": "https://security.gentoo.org/glsa/202101-33" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20210129-0010/", + "url": "https://security.netapp.com/advisory/ntap-20210129-0010/" } ] } diff --git a/2021/3xxx/CVE-2021-3176.json b/2021/3xxx/CVE-2021-3176.json index bfc7e4e8c3d..06dea2c8400 100644 --- a/2021/3xxx/CVE-2021-3176.json +++ b/2021/3xxx/CVE-2021-3176.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2021-3176", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2021-3176", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The chat window of the Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.15 and 7.x before 7.1.2 could allow an attacker to gain access to user information by sending certain code, due to improper input validation of http links. A successful exploit could allow an attacker to view user information and application data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "refsource": "MISC", + "name": "https://www.mitel.com/support/security-advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0001", + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0001" } ] }