From 5259881e3eb313f78139cffa8a6f61536ed52da2 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 13 Mar 2020 17:01:09 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/12xxx/CVE-2019-12182.json | 71 +++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12183.json | 5 +++ 2019/19xxx/CVE-2019-19799.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10078.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10079.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10080.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10081.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10082.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10083.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10084.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10085.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10086.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10087.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10088.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10089.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10090.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10091.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10092.json | 61 ++++++++++++++++++++++++++--- 2020/10xxx/CVE-2020-10218.json | 61 ++++++++++++++++++++++++++--- 19 files changed, 1005 insertions(+), 108 deletions(-) diff --git a/2019/12xxx/CVE-2019-12182.json b/2019/12xxx/CVE-2019-12182.json index 87369eb19a7..0c09bea1e7f 100644 --- a/2019/12xxx/CVE-2019-12182.json +++ b/2019/12xxx/CVE-2019-12182.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12182", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12182", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://safescan.com/", + "refsource": "MISC", + "name": "https://safescan.com/" + }, + { + "refsource": "MISC", + "name": "https://github.com/ProCheckUp/SafeScan", + "url": "https://github.com/ProCheckUp/SafeScan" + }, + { + "refsource": "MISC", + "name": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/", + "url": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/" + }, + { + "refsource": "MISC", + "name": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14", + "url": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14" } ] } diff --git a/2019/12xxx/CVE-2019-12183.json b/2019/12xxx/CVE-2019-12183.json index a1e8432d90d..917036a7f08 100644 --- a/2019/12xxx/CVE-2019-12183.json +++ b/2019/12xxx/CVE-2019-12183.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/", "url": "https://procheckup.com/blogs/posts/2020/february/remote-code-execution-on-biometric-iot-devices/" + }, + { + "refsource": "MISC", + "name": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14", + "url": "https://support.timemoto.com/en/s/safescan-time-clock-systems/a/firmware-update-7-dot-03-dot-100-ta8000-14" } ] } diff --git a/2019/19xxx/CVE-2019-19799.json b/2019/19xxx/CVE-2019-19799.json index cca611ceb0b..d87cf81fa27 100644 --- a/2019/19xxx/CVE-2019-19799.json +++ b/2019/19xxx/CVE-2019-19799.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19799", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19799", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine Applications Manager 14590 and before allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.manageengine.com", + "refsource": "MISC", + "name": "https://www.manageengine.com" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/eLeN3Re/cve-2019-19799", + "url": "https://gitlab.com/eLeN3Re/cve-2019-19799" } ] } diff --git a/2020/10xxx/CVE-2020-10078.json b/2020/10xxx/CVE-2020-10078.json index 6369412b2cc..755c3e55b69 100644 --- a/2020/10xxx/CVE-2020-10078.json +++ b/2020/10xxx/CVE-2020-10078.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10078", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10078", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10079.json b/2020/10xxx/CVE-2020-10079.json index 359eefa8070..0feae78bda6 100644 --- a/2020/10xxx/CVE-2020-10079.json +++ b/2020/10xxx/CVE-2020-10079.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10079", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10079", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should have been required to configure two-factor authentication, it was not being required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10080.json b/2020/10xxx/CVE-2020-10080.json index 39332d8d0a2..5c4c52a031e 100644 --- a/2020/10xxx/CVE-2020-10080.json +++ b/2020/10xxx/CVE-2020-10080.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10080", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10080", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10081.json b/2020/10xxx/CVE-2020-10081.json index 2062799518e..25e98fdd8a8 100644 --- a/2020/10xxx/CVE-2020-10081.json +++ b/2020/10xxx/CVE-2020-10081.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10081", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10081", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10082.json b/2020/10xxx/CVE-2020-10082.json index 6365981dea2..da9f7d4151d 100644 --- a/2020/10xxx/CVE-2020-10082.json +++ b/2020/10xxx/CVE-2020-10082.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10082", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10082", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10083.json b/2020/10xxx/CVE-2020-10083.json index cddf6397080..46534520647 100644 --- a/2020/10xxx/CVE-2020-10083.json +++ b/2020/10xxx/CVE-2020-10083.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10083", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10083", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10084.json b/2020/10xxx/CVE-2020-10084.json index 932b3bd4a65..c74d2a930df 100644 --- a/2020/10xxx/CVE-2020-10084.json +++ b/2020/10xxx/CVE-2020-10084.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10084", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10084", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10085.json b/2020/10xxx/CVE-2020-10085.json index 37dd1399857..f3c538f4877 100644 --- a/2020/10xxx/CVE-2020-10085.json +++ b/2020/10xxx/CVE-2020-10085.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10085", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10085", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10086.json b/2020/10xxx/CVE-2020-10086.json index 067becac269..6b43a82e13f 100644 --- a/2020/10xxx/CVE-2020-10086.json +++ b/2020/10xxx/CVE-2020-10086.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10086", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10086", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a directory traversal vulnerability, leading to arbitrary file read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10087.json b/2020/10xxx/CVE-2020-10087.json index 1fd91469761..60bd84ad496 100644 --- a/2020/10xxx/CVE-2020-10087.json +++ b/2020/10xxx/CVE-2020-10087.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10087", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10087", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10088.json b/2020/10xxx/CVE-2020-10088.json index f8382909ad0..d4d8fd14bd3 100644 --- a/2020/10xxx/CVE-2020-10088.json +++ b/2020/10xxx/CVE-2020-10088.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10088", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10088", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10089.json b/2020/10xxx/CVE-2020-10089.json index e7acc9a60a6..90225af146e 100644 --- a/2020/10xxx/CVE-2020-10089.json +++ b/2020/10xxx/CVE-2020-10089.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10089", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10089", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother," + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10090.json b/2020/10xxx/CVE-2020-10090.json index bd1749ac285..48680e39eaa 100644 --- a/2020/10xxx/CVE-2020-10090.json +++ b/2020/10xxx/CVE-2020-10090.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10090", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10090", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic information was unintentionally being disclosed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10091.json b/2020/10xxx/CVE-2020-10091.json index 5f2aa15b571..84285d5ff52 100644 --- a/2020/10xxx/CVE-2020-10091.json +++ b/2020/10xxx/CVE-2020-10091.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10091", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10091", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10092.json b/2020/10xxx/CVE-2020-10092.json index e7bca13411b..8811a26c307 100644 --- a/2020/10xxx/CVE-2020-10092.json +++ b/2020/10xxx/CVE-2020-10092.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10092", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10092", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab before 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html", + "url": "https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/index.html" } ] } diff --git a/2020/10xxx/CVE-2020-10218.json b/2020/10xxx/CVE-2020-10218.json index 3dc12fce3c7..b3871be508d 100644 --- a/2020/10xxx/CVE-2020-10218.json +++ b/2020/10xxx/CVE-2020-10218.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10218", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10218", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroups/add id parameter because of the HolidaydatesController.php addAction function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sapplica/sentrifugo/commits/master", + "refsource": "MISC", + "name": "https://github.com/sapplica/sentrifugo/commits/master" + }, + { + "refsource": "EXPLOIT-DB", + "name": "Exploit Database", + "url": "https://www.exploit-db.com/exploits/48179" } ] }