diff --git a/2014/3xxx/CVE-2014-3577.json b/2014/3xxx/CVE-2014-3577.json
index dfe4d5d59c4..559237bd1e1 100644
--- a/2014/3xxx/CVE-2014-3577.json
+++ b/2014/3xxx/CVE-2014-3577.json
@@ -251,6 +251,11 @@
 "refsource": "MLIST",
 "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
 "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1873",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"
 }
 ]
 }
diff --git a/2015/5xxx/CVE-2015-5262.json b/2015/5xxx/CVE-2015-5262.json
index 0db2af5d5b4..3b784eab728 100644
--- a/2015/5xxx/CVE-2015-5262.json
+++ b/2015/5xxx/CVE-2015-5262.json
@@ -111,6 +111,16 @@
 "refsource": "MLIST",
 "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
 "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
+ "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1873",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28049.json b/2020/28xxx/CVE-2020-28049.json
index a6e4551f478..138994f011e 100644
--- a/2020/28xxx/CVE-2020-28049.json
+++ b/2020/28xxx/CVE-2020-28049.json
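Review bot: The SUSE reference added in the CVE-2014-3577 hunk uses a plain `http://lists.opensuse.org/...` URL while the MLIST entries beside it use `https://`, so a reader or tool following the link fetches the advisory text over an unauthenticated channel. The SUSE entries added in the CVE-2015-5262 and CVE-2020-28049 hunks have the same scheme. If the list archive serves the same path over TLS (not verifiable from this diff), the entry would read `"url": "https://lists.opensuse.org/opensuse-security-announce/2020-11/msg00032.html"`.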
@@ -76,6 +76,11 @@
 "refsource": "MLIST",
 "name": "[debian-lts-announce] 20201106 [SECURITY] [DLA 2436-1] sddm security update",
 "url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00009.html"
+ },
+ {
+ "refsource": "SUSE",
+ "name": "openSUSE-SU-2020:1870",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00031.html"
 }
 ]
 }
diff --git a/2020/28xxx/CVE-2020-28339.json b/2020/28xxx/CVE-2020-28339.json
new file mode 100644
index 00000000000..35996f5ca47
--- /dev/null
+++ b/2020/28xxx/CVE-2020-28339.json
@@ -0,0 +1,81 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-28339",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/",
+ "refsource": "MISC",
+ "name": "https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/"
+ },
+ {
+ "url": "https://wordpress.org/plugins/usc-e-shop/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/usc-e-shop/#developers"
+ }
+ ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N",
+ "version": "3.1"
+ }
+ }
+}
\ No newline at end of file
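Review bot: The `affects` block of the new CVE-2020-28339 record carries `n/a` for vendor, product and version even though the description names the usc-e-shop plugin and the fixed release 1.9.36, so scanners that match on the structured fields will not associate this record with installed copies. Populating it, for example `"product_name": "usc-e-shop"` with `"version_affected": "<"` and `"version_value": "1.9.36"`, would make the record machine-matchable. `problemtype` is likewise `n/a` although the description says Object Injection via usces_unserialize, which presumably maps to CWE-502 (Deserialization of Untrusted Data). The `cvss` object also has no `baseScore` or `baseSeverity`, and its `vectorString` lists metrics outside the preferred AV/AC/PR/UI/S/C/I/A order, which stricter parsers may not accept.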