From 40d7a822260859cefc9f2601259a25ef2edee4ba Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 18 Mar 2020 14:01:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/14xxx/CVE-2019-14881.json | 2 +- 2019/14xxx/CVE-2019-14883.json | 2 +- 2019/14xxx/CVE-2019-14884.json | 2 +- 2020/4xxx/CVE-2020-4199.json | 174 ++++++++++++++++----------------- 2020/6xxx/CVE-2020-6976.json | 50 +++++++++- 2020/9xxx/CVE-2020-9323.json | 66 +++++++++++-- 2020/9xxx/CVE-2020-9324.json | 66 +++++++++++-- 2020/9xxx/CVE-2020-9325.json | 66 +++++++++++-- 8 files changed, 317 insertions(+), 111 deletions(-) diff --git a/2019/14xxx/CVE-2019-14881.json b/2019/14xxx/CVE-2019-14881.json index 92e2564242a..e5aef616d4e 100644 --- a/2019/14xxx/CVE-2019-14881.json +++ b/2019/14xxx/CVE-2019-14881.json @@ -60,7 +60,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in moodle through 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed." + "value": "A vulnerability was found in moodle 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where user email is displayed." } ] }, diff --git a/2019/14xxx/CVE-2019-14883.json b/2019/14xxx/CVE-2019-14883.json index 2a2c70e6fad..ea2270a0ea7 100644 --- a/2019/14xxx/CVE-2019-14883.json +++ b/2019/14xxx/CVE-2019-14883.json @@ -63,7 +63,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Moodle through version 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token." + "value": "A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token." } ] }, diff --git a/2019/14xxx/CVE-2019-14884.json b/2019/14xxx/CVE-2019-14884.json index 42313cfe26b..21dbe378567 100644 --- a/2019/14xxx/CVE-2019-14884.json +++ b/2019/14xxx/CVE-2019-14884.json @@ -66,7 +66,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability was found in Moodle through versions 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages." + "value": "A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS possible from some fatal error messages." } ] }, diff --git a/2020/4xxx/CVE-2020-4199.json b/2020/4xxx/CVE-2020-4199.json index 87663b54c43..99ee07d6b2e 100644 --- a/2020/4xxx/CVE-2020-4199.json +++ b/2020/4xxx/CVE-2020-4199.json @@ -1,90 +1,90 @@ { - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Gain Access", - "lang" : "eng" - } - ] - } - ] - }, - "data_version" : "4.0", - "affects" : { - "vendor" : { - "vendor_data" : [ + "problemtype": { + "problemtype_data": [ { - "product" : { - "product_data" : [ - { - "product_name" : "Tivoli Netcool/OMNIbus", - "version" : { - "version_data" : [ - { - "version_value" : "8.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "description": [ + { + "value": "Gain Access", + "lang": "eng" + } + ] } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.", - "lang" : "eng" - } - ] - }, - "references" : { - "reference_data" : [ - { - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 5968048 (Tivoli Netcool/OMNIbus)", - "url" : "https://www.ibm.com/support/pages/node/5968048", - "name" : "https://www.ibm.com/support/pages/node/5968048" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/174910", - "name" : "ibm-tivoli-cve20204199-csrf (174910)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "data_format" : "MITRE", - "impact" : { - "cvssv3" : { - "BM" : { - "C" : "N", - "I" : "L", - "AC" : "L", - "A" : "N", - "PR" : "N", - "UI" : "R", - "SCORE" : "4.300", - "S" : "U", - "AV" : "N" - }, - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - } - } - }, - "data_type" : "CVE", - "CVE_data_meta" : { - "DATE_PUBLIC" : "2020-03-16T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "ID" : "CVE-2020-4199" - } -} + ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Tivoli Netcool/OMNIbus", + "version": { + "version_data": [ + { + "version_value": "8.1.0" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "description": { + "description_data": [ + { + "value": "IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174910.", + "lang": "eng" + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 5968048 (Tivoli Netcool/OMNIbus)", + "url": "https://www.ibm.com/support/pages/node/5968048", + "name": "https://www.ibm.com/support/pages/node/5968048" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/174910", + "name": "ibm-tivoli-cve20204199-csrf (174910)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "impact": { + "cvssv3": { + "BM": { + "C": "N", + "I": "L", + "AC": "L", + "A": "N", + "PR": "N", + "UI": "R", + "SCORE": "4.300", + "S": "U", + "AV": "N" + }, + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + } + } + }, + "data_type": "CVE", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-03-16T00:00:00", + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "ID": "CVE-2020-4199" + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6976.json b/2020/6xxx/CVE-2020-6976.json index 92df4487579..5310e480d29 100644 --- a/2020/6xxx/CVE-2020-6976.json +++ b/2020/6xxx/CVE-2020-6976.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6976", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Delta Industrial Automation CNCSoft ScreenEditor", + "version": { + "version_data": [ + { + "version_value": "CNCSoft ScreenEditor v1.00.96 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS READ CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-077-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-077-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation." } ] } diff --git a/2020/9xxx/CVE-2020-9323.json b/2020/9xxx/CVE-2020-9323.json index 5c88bd14397..c6e71288ffa 100644 --- a/2020/9xxx/CVE-2020-9323.json +++ b/2020/9xxx/CVE-2020-9323.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9323", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9323", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/resources/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/resources/" + }, + { + "url": "https://www.aquaforest.com/en/release_history.asp", + "refsource": "MISC", + "name": "https://www.aquaforest.com/en/release_history.asp" + }, + { + "refsource": "MISC", + "name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/", + "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/" } ] } diff --git a/2020/9xxx/CVE-2020-9324.json b/2020/9xxx/CVE-2020-9324.json index 6d9c1dc1bfc..3b45c542765 100644 --- a/2020/9xxx/CVE-2020-9324.json +++ b/2020/9xxx/CVE-2020-9324.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9324", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9324", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via UNC." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/resources/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/resources/" + }, + { + "url": "https://www.aquaforest.com/en/release_history.asp", + "refsource": "MISC", + "name": "https://www.aquaforest.com/en/release_history.asp" + }, + { + "refsource": "MISC", + "name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/", + "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/" } ] } diff --git a/2020/9xxx/CVE-2020-9325.json b/2020/9xxx/CVE-2020-9325.json index 69d30c34329..02def46c950 100644 --- a/2020/9xxx/CVE-2020-9325.json +++ b/2020/9xxx/CVE-2020-9325.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-9325", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-9325", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Download." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.criticalstart.com/resources/", + "refsource": "MISC", + "name": "https://www.criticalstart.com/resources/" + }, + { + "url": "https://www.aquaforest.com/en/release_history.asp", + "refsource": "MISC", + "name": "https://www.aquaforest.com/en/release_history.asp" + }, + { + "refsource": "MISC", + "name": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/", + "url": "https://www.criticalstart.com/multiple-vulnerabilities-discovered-in-tiff-server-from-aquaforest/" } ] }