diff --git a/2010/5xxx/CVE-2010-5331.json b/2010/5xxx/CVE-2010-5331.json
index 3a34d3fe715..7aa4429340b 100644
--- a/2010/5xxx/CVE-2010-5331.json
+++ b/2010/5xxx/CVE-2010-5331.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem."
+ "value": "** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/drm/radeon/atombios.c could cause an off by one (buffer overflow) problem. NOTE: At least one Linux maintainer believes that this CVE is incorrectly assigned and should be rejected because the value is hard coded and are not user-controllable where it is used."
 }
 ]
 },
@@ -71,6 +71,11 @@
 "refsource": "CONFIRM",
 "name": "https://support.f5.com/csp/article/K33183814?utm_source=f5support&utm_medium=RSS",
 "url": "https://support.f5.com/csp/article/K33183814?utm_source=f5support&utm_medium=RSS"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-5331"
 }
 ]
 }
diff --git a/2013/7xxx/CVE-2013-7109.json b/2013/7xxx/CVE-2013-7109.json
index 04eb5426a41..9f8883b3c43 100644
--- a/2013/7xxx/CVE-2013-7109.json
+++ b/2013/7xxx/CVE-2013-7109.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "secalert@redhat.com",
 "ID": "CVE-2013-7109",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "OpenStack",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Swift",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "As of 2013-12-15"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
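Review bot: The NOTE appended to the CVE-2010-5331 description has a subject-verb disagreement, `the value is hard coded and are not user-controllable`; it should read `the value is hard coded and is not user-controllable`. The dispute is expressed only through the `** DISPUTED **` prefix inside the free-text `value`, so a consumer that triages on structured fields will presumably keep treating this as a confirmed kernel overflow unless it parses that prefix. The description also does not say which value is hard coded, so a reader has to follow the Bugzilla link added in the second hunk to evaluate the maintainer's argument.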
@@ -11,7 +34,58 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE"
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "authentication error"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/12/15/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/12/15/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/12/15/4",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/12/15/4"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/12/15/6",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/12/15/6"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/12/16/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/12/16/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/12/17/2",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/12/17/2"
+ },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2013/12/17/3",
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2013/12/17/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugs.launchpad.net/glance/+bug/1192966",
+ "url": "https://bugs.launchpad.net/glance/+bug/1192966"
 }
 ]
 }
diff --git a/2014/4xxx/CVE-2014-4650.json b/2014/4xxx/CVE-2014-4650.json
index d4c647b8e06..45644f5e8c6 100644
--- a/2014/4xxx/CVE-2014-4650.json
+++ b/2014/4xxx/CVE-2014-4650.json
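Review bot: The new CVE-2013-7109 record does not agree with itself: the description says OpenStack Swift `mishandles PYTHON_EGG_CACHE`, the `problemtype` is `authentication error`, which does not obviously follow from that, and the last reference is a Launchpad bug filed under `glance` rather than Swift. The description never states the impact (what an attacker gains or which boundary is crossed), which is what a defender needs in order to prioritise the entry. In the file's first hunk, `"version_value": "As of 2013-12-15"` is a date rather than a release, so version-based matching against installed Swift packages cannot work; an affected or fixed release belongs there if one is known, with the date left in the description.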
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-4650",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as demonstrated by a %2f separator."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://openwall.com/lists/oss-security/2014/06/26/3",
+ "url": "http://openwall.com/lists/oss-security/2014/06/26/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://bugs.python.org/issue21766",
+ "url": "http://bugs.python.org/issue21766"
+ },
+ {
+ "refsource": "REDHAT",
+ "name": "Red Hat",
+ "url": "https://access.redhat.com/security/cve/cve-2014-4650"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4410.json b/2015/4xxx/CVE-2015-4410.json
index c8e9db7817f..aa9c29c2b0f 100644
--- a/2015/4xxx/CVE-2015-4410.json
+++ b/2015/4xxx/CVE-2015-4410.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-4410",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
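Review bot: The `affects` block added for CVE-2014-4650 is all `n/a` (`vendor_name`, `product_name`, `version_value`) even though the description names the product and versions, `CGIHTTPServer module in Python 2.7.5 and 3.3.4`, so tooling that matches on `affects` will not associate this entry with Python. `problemtype` is likewise `n/a` although the description spells out directory traversal and script source disclosure. The same all-`n/a` pattern appears in the CVE-2015-4410 and CVE-2015-4411 hunks. The third reference uses `"name": "Red Hat"` where every other entry in the list repeats its URL; using the URL there too would keep the list consistent.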
@@ -11,7 +11,96 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html",
+ "url": "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html",
+ "url": "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1229757",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229757"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/06/06/3",
+ "url": "http://www.openwall.com/lists/oss-security/2015/06/06/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/75045",
+ "url": "http://www.securityfocus.com/bid/75045"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24",
+ "url": "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2015/q2/653",
+ "url": "https://seclists.org/oss-sec/2015/q2/653"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/75045",
+ "url": "https://www.securityfocus.com/bid/75045"
 }
 ]
 }
diff --git a/2015/4xxx/CVE-2015-4411.json b/2015/4xxx/CVE-2015-4411.json
index 319e4cdb4d1..62794e8e839 100644
--- a/2015/4xxx/CVE-2015-4411.json
+++ b/2015/4xxx/CVE-2015-4411.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2015-4411",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
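Review bot: The reference list added for CVE-2015-4410 carries the same SecurityFocus entry twice, once as `http://www.securityfocus.com/bid/75045` and once as `https://www.securityfocus.com/bid/75045`; one of the two should be dropped, and the CVE-2015-4411 hunk has the same pair. `Moped::BSON::ObjecId.legal?` in both descriptions looks like a misspelling of `ObjectId`, which would defeat text searches for the affected method; this is worth confirming against the linked moped commit. Every entry is tagged `MISC`, including the two Fedora package-announce mails and the BID, so consumers that filter on `refsource` to find vendor advisories will miss them. The description gives a commit hash as the fix boundary but no released version, which makes it hard to check an installed gem against it.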
@@ -11,7 +11,116 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html",
+ "url": "https://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html",
+ "url": "https://homakov.blogspot.ru/2012/05/saferweb-injects-in-various-ruby.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161987.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html",
+ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161964.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2015/06/06/3",
+ "url": "http://www.openwall.com/lists/oss-security/2015/06/06/3"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.securityfocus.com/bid/75045",
+ "url": "http://www.securityfocus.com/bid/75045"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24",
+ "url": "https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1229706",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229706"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191",
+ "url": "https://github.com/mongodb/bson-ruby/commit/fef6f75413511d653c76bf924a932374a183a24f#diff-8c8558c185bbb548ccb5a6d6ac4bfee5R191"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7",
+ "url": "https://github.com/mongodb/bson-ruby/compare/7446d7c6764dfda8dc4480ce16d5c023e74be5ca...28f34978a85b689a4480b4d343389bf4886522e7"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://seclists.org/oss-sec/2015/q2/653",
+ "url": "https://seclists.org/oss-sec/2015/q2/653"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999",
+ "url": "https://github.com/mongodb/bson-ruby/commit/976da329ff03ecdfca3030eb6efe3c85e6db9999"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/75045",
+ "url": "https://www.securityfocus.com/bid/75045"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://security-tracker.debian.org/tracker/CVE-2015-4411",
+ "url": "https://security-tracker.debian.org/tracker/CVE-2015-4411"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json
index fa4d669efd5..26adae60a33 100644
--- a/2019/17xxx/CVE-2019-17626.json
+++ b/2019/17xxx/CVE-2019-17626.json
@@ -101,6 +101,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4273-1",
 "url": "https://usn.ubuntu.com/4273-1/"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[debian-lts-announce] 20200220 [SECURITY] [DLA 2112-1] python-reportlab security update",
+ "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00019.html"
 }
 ]
 }
diff --git a/2019/4xxx/CVE-2019-4583.json b/2019/4xxx/CVE-2019-4583.json
index 2327f1b8ea6..3832dd0a353 100644
--- a/2019/4xxx/CVE-2019-4583.json
+++ b/2019/4xxx/CVE-2019-4583.json
@@ -1,93 +1,93 @@ { - "impact" : { - "cvssv3" : { - "TM" : { - "RL" : "O", - "RC" : "C", - "E" : "U" - }, - "BM" : { - "UI" : "N", - "A" : "N", - "C" : "L", - "SCORE" : "4.300", - "AV" : "N", - "PR" : "L", - "AC" : "L", - "S" : "U", - "I" : "N" - } - } - }, - "data_type" : "CVE", - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Maximo Asset Management", - "version" : { - "version_data" : [ - { - "version_value" : "7.6.1.1" - }, - { - "version_value" : "7.6.0.10" - } - ] - } - } - ] - }, - "vendor_name" : "IBM" + "impact": { + "cvssv3": { + "TM": { + "RL": "O", + "RC": "C", + "E": "U" + }, + "BM": { + "UI": "N", + "A": "N", + "C": "L", + "SCORE": "4.300", + "AV": "N", + "PR": "L", + "AC": "L", + "S": "U", + "I": "N" } - ] - } - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.ibm.com/support/pages/node/3002121", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 3002121 (Maximo Asset Management)", - "url" : "https://www.ibm.com/support/pages/node/3002121" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/167289", - "name" : "ibm-maximo-cve20194583-info-disc (167289)", - "title" : "X-Force Vulnerability Report", - "refsource" : "XF" - } - ] - }, - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289." 
- } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2020-02-19T00:00:00", - "ID" : "CVE-2019-4583" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } + } + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Maximo Asset Management", + "version": { + "version_data": [ + { + "version_value": "7.6.1.1" + }, + { + "version_value": "7.6.0.10" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } ] - } - ] - } -} + } + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/3002121", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 3002121 (Maximo Asset Management)", + "url": "https://www.ibm.com/support/pages/node/3002121" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/167289", + "name": "ibm-maximo-cve20194583-info-disc (167289)", + "title": "X-Force Vulnerability Report", + "refsource": "XF" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 167289." + } + ] + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "STATE": "PUBLIC", + "DATE_PUBLIC": "2020-02-19T00:00:00", + "ID": "CVE-2019-4583" + }, + "data_format": "MITRE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Obtain Information", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4752.json b/2019/4xxx/CVE-2019-4752.json index 18d7e68092b..5fd90971e9e 100644 --- a/2019/4xxx/CVE-2019-4752.json 
+++ b/2019/4xxx/CVE-2019-4752.json 
@@ -1,118 +1,118 @@ { - "impact" : { - "cvssv3" : { - "BM" : { - "I" : "L", - "S" : "U", - "AC" : "L", - "PR" : "L", - "C" : "H", - "A" : "L", - "UI" : "N", - "SCORE" : "7.600", - "AV" : "N" - }, - "TM" : { - "RL" : "O", - "E" : "U", - "RC" : "C" - } - } - }, - "data_type" : "CVE", - "references" : { - "reference_data" : [ - { - "title" : "IBM Security Bulletin 2948919 (Emptoris Spend Analysis)", - "refsource" : "CONFIRM", - "name" : "https://www.ibm.com/support/pages/node/2948919", - "url" : "https://www.ibm.com/support/pages/node/2948919" - }, - { - "url" : "https://www.ibm.com/support/pages/node/2950269", - "name" : "https://www.ibm.com/support/pages/node/2950269", - "refsource" : "CONFIRM", - "title" : "IBM Security Bulletin 2950269 (Emptoris Strategic Supply Management)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348", - "refsource" : "XF", - "name" : "ibm-emptoris-cve20194752-sql-injection (173348)", - "title" : "X-Force Vulnerability Report" - } - ] - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "vendor_name" : "IBM", - "product" : { - "product_data" : [ - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0.34" - }, - { - "version_value" : "10.1.1.33" - }, - { - "version_value" : "10.1.3.29" - } - ] - }, - "product_name" : "Emptoris Strategic Supply Management" - }, - { - "version" : { - "version_data" : [ - { - "version_value" : "10.1.0" - }, - { - "version_value" : "10.1.1" - }, - { - "version_value" : "10.1.3" - } - ] - }, - "product_name" : "Emptoris Spend Analysis" - } - ] - } + "impact": { + "cvssv3": { + "BM": { + "I": "L", + "S": "U", + "AC": "L", + "PR": "L", + "C": "H", + "A": "L", + "UI": "N", + "SCORE": "7.600", + "AV": "N" + }, + "TM": { + "RL": "O", + "E": "U", + "RC": "C" } - ] - } - }, - "description" : { - "description_data" : [ - { - "value" : "IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to 
SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ID" : "CVE-2019-4752", - "DATE_PUBLIC" : "2020-02-19T00:00:00", - "STATE" : "PUBLIC", - "ASSIGNER" : "psirt@us.ibm.com" - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Data Manipulation", - "lang" : "eng" - } + } + }, + "data_type": "CVE", + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 2948919 (Emptoris Spend Analysis)", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/2948919", + "url": "https://www.ibm.com/support/pages/node/2948919" + }, + { + "url": "https://www.ibm.com/support/pages/node/2950269", + "name": "https://www.ibm.com/support/pages/node/2950269", + "refsource": "CONFIRM", + "title": "IBM Security Bulletin 2950269 (Emptoris Strategic Supply Management)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/173348", + "refsource": "XF", + "name": "ibm-emptoris-cve20194752-sql-injection (173348)", + "title": "X-Force Vulnerability Report" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "10.1.0.34" + }, + { + "version_value": "10.1.1.33" + }, + { + "version_value": "10.1.3.29" + } + ] + }, + "product_name": "Emptoris Strategic Supply Management" + }, + { + "version": { + "version_data": [ + { + "version_value": "10.1.0" + }, + { + "version_value": "10.1.1" + }, + { + "version_value": "10.1.3" + } + ] + }, + "product_name": "Emptoris Spend Analysis" + } + ] + } + } ] - } - ] - } -} + } + }, + "description": { + "description_data": [ + { + "value": "IBM Emptoris Spend Analysis and IBM Emptoris 
Strategic Supply Management Platform 10.1.0.x, 10.1.1.x, and 10.1.3.x is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 173348.", + "lang": "eng" + } + ] + }, + "CVE_data_meta": { + "ID": "CVE-2019-4752", + "DATE_PUBLIC": "2020-02-19T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com" + }, + "data_format": "MITRE", + "data_version": "4.0", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "value": "Data Manipulation", + "lang": "eng" + } + ] + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0668.json b/2020/0xxx/CVE-2020-0668.json index a1c25638d27..b0d63abc655 100644 --- a/2020/0xxx/CVE-2020-0668.json +++ b/2020/0xxx/CVE-2020-0668.json @@ -245,6 +245,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0668" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-257/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-257/" } ] } diff --git a/2020/0xxx/CVE-2020-0688.json b/2020/0xxx/CVE-2020-0688.json index 65167843895..e24622d04b5 100644 --- a/2020/0xxx/CVE-2020-0688.json +++ b/2020/0xxx/CVE-2020-0688.json @@ -106,6 +106,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-258/" } ] } diff --git a/2020/0xxx/CVE-2020-0792.json b/2020/0xxx/CVE-2020-0792.json index 567723e9ee0..957d2c80e14 100644 --- a/2020/0xxx/CVE-2020-0792.json 
+++ b/2020/0xxx/CVE-2020-0792.json
@@ -126,6 +126,11 @@
 "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0792",
 "refsource": "MISC",
 "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0792"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-259/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-259/"
 }
 ]
 }
diff --git a/2020/3xxx/CVE-2020-3123.json b/2020/3xxx/CVE-2020-3123.json
index 1c4b23e1569..862c70af311 100644
--- a/2020/3xxx/CVE-2020-3123.json
+++ b/2020/3xxx/CVE-2020-3123.json
@@ -91,6 +91,11 @@
 "refsource": "UBUNTU",
 "name": "USN-4280-1",
 "url": "https://usn.ubuntu.com/4280-1/"
+ },
+ {
+ "refsource": "UBUNTU",
+ "name": "USN-4280-2",
+ "url": "https://usn.ubuntu.com/4280-2/"
 }
 ]
 },
diff --git a/2020/8xxx/CVE-2020-8416.json b/2020/8xxx/CVE-2020-8416.json
index 52a7528f804..5444578b1e9 100644
--- a/2020/8xxx/CVE-2020-8416.json
+++ b/2020/8xxx/CVE-2020-8416.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port."
+ "value": "IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port."
 }
 ]
 },
diff --git a/2020/9xxx/CVE-2020-9312.json b/2020/9xxx/CVE-2020-9312.json
new file mode 100644
index 00000000000..91cd8385e6e
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9312.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9312",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/9xxx/CVE-2020-9313.json b/2020/9xxx/CVE-2020-9313.json
new file mode 100644
index 00000000000..68c0b50d602
--- /dev/null
+++ b/2020/9xxx/CVE-2020-9313.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-9313",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file