diff --git a/2019/2xxx/CVE-2019-2056.json b/2019/2xxx/CVE-2019-2056.json
index 22324bdec6e..260d3aa2887 100644
--- a/2019/2xxx/CVE-2019-2056.json
+++ b/2019/2xxx/CVE-2019-2056.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-2056",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-2056",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140879284"
 }
 ]
 }
diff --git a/2020/0xxx/CVE-2020-0067.json b/2020/0xxx/CVE-2020-0067.json
new file mode 100644
index 00000000000..1bcaa6a1d33
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0067.json
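Review bot: In 2019/2xxx/CVE-2019-2056.json the new description `value` runs the bulletin trailer into the prose with no separators: `exploitation.Product: AndroidVersions: Android-10Android ID: A-140879284`. Anything that pulls the product, version or bug ID out of the text ends up with `AndroidVersions` and `Android-10Android` as tokens; the trailer should read `exploitation. Product: Android. Versions: Android-10. Android ID: A-140879284.`, which is the separated form the CVE-2020-0067 trailer in this commit uses. The same run-together trailer appears in CVE-2020-0070 through -0073 and CVE-2020-0075 through -0082. This description also names no component or function, unlike the other Android entries here, so it is worth adding one if the bulletin provides it.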
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0067",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/pixel/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2020-04-01"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://android.googlesource.com/kernel/common/+/688078e7",
+ "url": "http://android.googlesource.com/kernel/common/+/688078e7"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In f2fs_xattr_generic_list of xattr.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation.Product: Android. Versions: Android kernel. Android ID: A-120551147."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0068.json b/2020/0xxx/CVE-2020-0068.json
new file mode 100644
index 00000000000..8c6a22cdcb9
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0068.json
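Review bot: The second reference in 2020/0xxx/CVE-2020-0067.json points at the kernel fix over plain HTTP, `http://android.googlesource.com/kernel/common/+/688078e7`, in both `name` and `url`. This is the link people follow to pull the patch, so it should use the `https://` scheme like the bulletin reference above it: `"url": "https://android.googlesource.com/kernel/common/+/688078e7"`. The fix is also cited by an eight-character abbreviated hash; the full commit hash would be a more durable identifier if the assigner can supply it.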
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0068",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://source.android.com/security/bulletin/pixel/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/pixel/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: Android. Versions: Android kernel. Android ID: A-139354541"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0070.json b/2020/0xxx/CVE-2020-0070.json
new file mode 100644
index 00000000000..2b9fd688461
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0070.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0070",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148159613"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0071.json b/2020/0xxx/CVE-2020-0071.json
new file mode 100644
index 00000000000..468867d9ecc
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0071.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0071",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147310721"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0072.json b/2020/0xxx/CVE-2020-0072.json
new file mode 100644
index 00000000000..d59e300b1ea
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0072.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0072",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147310271"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0073.json b/2020/0xxx/CVE-2020-0073.json
new file mode 100644
index 00000000000..d554182a10d
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0073.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0073",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-147309942"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0075.json b/2020/0xxx/CVE-2020-0075.json
new file mode 100644
index 00000000000..c682d217527
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0075.json
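Review bot: The description in 2020/0xxx/CVE-2020-0073.json is word for word the one in CVE-2020-0072.json (same function `rw_t2t_handle_tlv_detect_rsp`, same file, same impact); only the Android ID differs (A-147309942 here, A-147310271 there). If these are two separate missing bounds checks in that function, each record should state what distinguishes it, such as the field or code path involved, because deduplication and patch-verification tooling cannot tell the two apart from this text. If one of them is a copy-paste slip, the function name in that record is wrong. Confirm against the bulletin before the records are consumed downstream.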
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0075",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In set_shared_key of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146057864"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0076.json b/2020/0xxx/CVE-2020-0076.json
new file mode 100644
index 00000000000..37147cb16ac
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0076.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0076",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In get_auth_result of the FPC IRIS TrustZone app, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146056878"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0077.json b/2020/0xxx/CVE-2020-0077.json
new file mode 100644
index 00000000000..82a4fdc5c67
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0077.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0077",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android kernel"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In authorize_enroll of the FPC IRIS TrustZone app, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-146055840"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0078.json b/2020/0xxx/CVE-2020-0078.json
new file mode 100644
index 00000000000..9fa71cc2239
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0078.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0078",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144766455"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0079.json b/2020/0xxx/CVE-2020-0079.json
new file mode 100644
index 00000000000..bcc0b8ab4b7
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0079.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0079",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144506242"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0080.json b/2020/0xxx/CVE-2020-0080.json
new file mode 100644
index 00000000000..a53a1e18c37
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0080.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0080",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In onOpActiveChanged and related methods of AppOpsControllerImpl.java, there is a possible way to display an app overlaying other apps without the notification icon that it's overlaying. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144092031"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0081.json b/2020/0xxx/CVE-2020-0081.json
new file mode 100644
index 00000000000..f52e5a1b958
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0081.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0081",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-8.0 Android-8.1 Android-9 Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In finalize of AssetManager.java, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144028297"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/0xxx/CVE-2020-0082.json b/2020/0xxx/CVE-2020-0082.json
new file mode 100644
index 00000000000..8647849bd50
--- /dev/null
+++ b/2020/0xxx/CVE-2020-0082.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-0082",
+ "ASSIGNER": "security@android.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Android",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Android-10"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Elevation of privilege"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://source.android.com/security/bulletin/2020-04-01",
+ "url": "https://source.android.com/security/bulletin/2020-04-01"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In ExternalVibration of ExternalVibration.java, there is a possible activation of an arbitrary intent due to unsafe deserialization. This could lead to local escalation of privilege to system_server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140417434"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11658.json b/2020/11xxx/CVE-2020-11658.json
index b03a6202ebc..d48ce68af1b 100644
--- a/2020/11xxx/CVE-2020-11658.json
+++ b/2020/11xxx/CVE-2020-11658.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
 "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11659.json b/2020/11xxx/CVE-2020-11659.json
index 062b3f845b8..1298c3fa541 100644
--- a/2020/11xxx/CVE-2020-11659.json
+++ b/2020/11xxx/CVE-2020-11659.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
 "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11660.json b/2020/11xxx/CVE-2020-11660.json
index 02d0a1dcf96..d711ff4983b 100644
--- a/2020/11xxx/CVE-2020-11660.json
+++ b/2020/11xxx/CVE-2020-11660.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html",
 "url": "https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2020/CA20200414-01-Securit-Notice-for-CA-API-Developer-Portal.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11661.json b/2020/11xxx/CVE-2020-11661.json
index e9420a7f059..c26c15480ad 100644
--- a/2020/11xxx/CVE-2020-11661.json
+++ b/2020/11xxx/CVE-2020-11661.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11662.json b/2020/11xxx/CVE-2020-11662.json
index ffa0cf6c020..094b5c79518 100644
--- a/2020/11xxx/CVE-2020-11662.json
+++ b/2020/11xxx/CVE-2020-11662.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11663.json b/2020/11xxx/CVE-2020-11663.json
index 7620bb6b530..440b3772647 100644
--- a/2020/11xxx/CVE-2020-11663.json
+++ b/2020/11xxx/CVE-2020-11663.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11664.json b/2020/11xxx/CVE-2020-11664.json
index 3fca8ac1440..a1c4997f7c5 100644
--- a/2020/11xxx/CVE-2020-11664.json
+++ b/2020/11xxx/CVE-2020-11664.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11665.json b/2020/11xxx/CVE-2020-11665.json
index 187746edd09..76c941d69e4 100644
--- a/2020/11xxx/CVE-2020-11665.json
+++ b/2020/11xxx/CVE-2020-11665.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11666.json b/2020/11xxx/CVE-2020-11666.json
index dc9a15af6d9..9a787f3f4ae 100644
--- a/2020/11xxx/CVE-2020-11666.json
+++ b/2020/11xxx/CVE-2020-11666.json
@@ -53,6 +53,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/157244/CA-API-Developer-Portal-4.2.x-4.3.1-Access-Bypass-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CA20200414-01: Security Notice for CA API Developer Portal",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/24"
 }
 ]
 },
diff --git a/2020/11xxx/CVE-2020-11882.json b/2020/11xxx/CVE-2020-11882.json
new file mode 100644
index 00000000000..bf97842b4e1
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11882.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11882",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11883.json b/2020/11xxx/CVE-2020-11883.json
new file mode 100644
index 00000000000..29b9c9333db
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11883.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-11883",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/DivanteLtd/vue-storefront-api/pull/431",
+ "refsource": "MISC",
+ "name": "https://github.com/DivanteLtd/vue-storefront-api/pull/431"
+ },
+ {
+ "url": "https://github.com/DivanteLtd/storefront-api/pull/59",
+ "refsource": "MISC",
+ "name": "https://github.com/DivanteLtd/storefront-api/pull/59"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/11xxx/CVE-2020-11884.json b/2020/11xxx/CVE-2020-11884.json
new file mode 100644
index 00000000000..3d2a6cb20f7
--- /dev/null
+++ b/2020/11xxx/CVE-2020-11884.json
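Review bot: Every structured field in 2020/11xxx/CVE-2020-11883.json is a placeholder (`product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `n/a`), while the description names the vendor (Divante), two products and their affected ranges (vue-storefront-api through 1.11.1, storefront-api through 1.0-rc.1). Scanners and inventory matching typically key on `affects` rather than on the prose, so as written this record is unlikely to match installed packages. Populate `vendor_data` with those two products and version ranges, and give `problemtype` a real value; the description reads as information exposure through an error message.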
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-11884",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1751.json b/2020/1xxx/CVE-2020-1751.json
index 5e19a7dec55..6a7e3d3f620 100644
--- a/2020/1xxx/CVE-2020-1751.json
+++ b/2020/1xxx/CVE-2020-1751.json
@@ -4,7 +4,8 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1751",
- "ASSIGNER": "gsuckevi@redhat.com"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
 },
 "affects": {
 "vendor": {
diff --git a/2020/2xxx/CVE-2020-2771.json b/2020/2xxx/CVE-2020-2771.json
index fc3cf267a5f..71dab92f43c 100644
--- a/2020/2xxx/CVE-2020-2771.json
+++ b/2020/2xxx/CVE-2020-2771.json
@@ -73,6 +73,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200415 CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris",
 "url": "http://www.openwall.com/lists/oss-security/2020/04/15/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/25"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2851.json b/2020/2xxx/CVE-2020-2851.json
index 7c7c68f6bb5..13bc3becd3d 100644
--- a/2020/2xxx/CVE-2020-2851.json
+++ b/2020/2xxx/CVE-2020-2851.json
@@ -73,6 +73,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200415 CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris",
 "url": "http://www.openwall.com/lists/oss-security/2020/04/15/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/25"
 }
 ]
 }
diff --git a/2020/2xxx/CVE-2020-2944.json b/2020/2xxx/CVE-2020-2944.json
index 837dbf59846..338e8f3ab31 100644
--- a/2020/2xxx/CVE-2020-2944.json
+++ b/2020/2xxx/CVE-2020-2944.json
@@ -73,6 +73,11 @@
 "refsource": "MLIST",
 "name": "[oss-security] 20200415 CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris",
 "url": "http://www.openwall.com/lists/oss-security/2020/04/15/3"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200417 CVE-2020-2771, CVE-2020-2851, CVE-2020-2944 - Multiple vulnerabilities in Oracle Solaris",
+ "url": "http://seclists.org/fulldisclosure/2020/Apr/25"
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5728.json b/2020/5xxx/CVE-2020-5728.json
index 48ab47ce64e..88a5d6894d9 100644
--- a/2020/5xxx/CVE-2020-5728.json
+++ b/2020/5xxx/CVE-2020-5728.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5728",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenMRS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 2.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-18",
+ "url": "https://www.tenable.com/security/research/tra-2020-18"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "OpenMRS 2.9 and prior copies \"Referrer\" header values into an html element named \"redirectUrl\" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5729.json b/2020/5xxx/CVE-2020-5729.json
index 7e6afb6f20c..46b8a7c0b60 100644
--- a/2020/5xxx/CVE-2020-5729.json
+++ b/2020/5xxx/CVE-2020-5729.json
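Review bot: `"version_value": "Versions 2.90 and prior"` in the CVE-2020-5728 hunk does not agree with the description in the same record, which says "OpenMRS 2.9 and prior"; a consumer that parses the field as a version would treat 2.90 as a different and much later release than 2.9. The same value is added in the CVE-2020-5729, -5730, -5731, -5732 and -5733 hunks. If 2.9 is the intended bound, `"version_value": "2.9 and prior"` keeps the structured field and the text aligned; that reading is inferred from the description and should be confirmed against the referenced advisory. The description also spells the header "Referrer", whereas the HTTP request header is named `Referer`. The record's opening lines fall outside the hunk.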
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5729",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenMRS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 2.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-18",
+ "url": "https://www.tenable.com/security/research/tra-2020-18"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitrary, user-supplied input back to the browser, which can result in XSS. Any page that is able to trigger a UI Framework Error is susceptible to this issue."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5730.json b/2020/5xxx/CVE-2020-5730.json
index 32e0c368eff..46598495f57 100644
--- a/2020/5xxx/CVE-2020-5730.json
+++ b/2020/5xxx/CVE-2020-5730.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5730",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenMRS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 2.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-18",
+ "url": "https://www.tenable.com/security/research/tra-2020-18"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OpenMRS 2.9 and prior, the sessionLocation parameter for the login page is vulnerable to cross-site scripting."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5731.json b/2020/5xxx/CVE-2020-5731.json
index 50bad9227bf..19572e50fd7 100644
--- a/2020/5xxx/CVE-2020-5731.json
+++ b/2020/5xxx/CVE-2020-5731.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5731",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenMRS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 2.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-18",
+ "url": "https://www.tenable.com/security/research/tra-2020-18"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page is vulnerable to cross-site scripting."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5732.json b/2020/5xxx/CVE-2020-5732.json
index def030b7d5d..6d5f773c2ee 100644
--- a/2020/5xxx/CVE-2020-5732.json
+++ b/2020/5xxx/CVE-2020-5732.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5732",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenMRS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 2.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Authentication Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-18",
+ "url": "https://www.tenable.com/security/research/tra-2020-18"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OpenMRS 2.9 and prior, he import functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows unauthenticated users to use a feature typically restricted to administrators."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5733.json b/2020/5xxx/CVE-2020-5733.json
index c40d638c72e..df9d86cf718 100644
--- a/2020/5xxx/CVE-2020-5733.json
+++ b/2020/5xxx/CVE-2020-5733.json
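Review bot: The new description value for CVE-2020-5732 contains a typo, "he import functionality", which should read `the import functionality`. The `problemtype` is free text ("Authentication Bypass"), while the CVE-2020-5733 hunk describes the same missing login redirect on the export path and labels it "Information Disclosure". Recording a CWE identifier in both, for example CWE-306 if that matches the assigner's analysis, would let consumers group the two records by root cause rather than by impact wording.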
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5733",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "OpenMRS",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Versions 2.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/research/tra-2020-18",
+ "url": "https://www.tenable.com/security/research/tra-2020-18"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In OpenMRS 2.9 and prior, the export functionality of the Data Exchange Module does not properly redirect to a login page when an unauthenticated user attempts to access it. This allows the export of potentially sensitive information."
 }
 ]
 }
diff --git a/2020/5xxx/CVE-2020-5737.json b/2020/5xxx/CVE-2020-5737.json
index e5e40ecd31d..5a3ca87ddd3 100644
--- a/2020/5xxx/CVE-2020-5737.json
+++ b/2020/5xxx/CVE-2020-5737.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-5737",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tenable.Sc",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "< 5.14.0"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stored XSS"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2020-02",
+ "url": "https://www.tenable.com/security/tns-2020-02"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated remote attacker to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue."
 }
 ]
 }
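Review bot: `"vendor_name": "n/a"` is left unset in the CVE-2020-5737 hunk even though the record is for the assigner's own product (`ASSIGNER` is vulnreport@tenable.com and `product_name` is Tenable.Sc), so lookups keyed on vendor will not find it; `"vendor_name": "Tenable"` would fix that. The version bound in `version_value` agrees with the description's "before 5.14.0", so only the vendor field needs attention. The record's opening lines fall outside the hunk.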