diff --git a/2014/3xxx/CVE-2014-3718.json b/2014/3xxx/CVE-2014-3718.json index c3b0e018064..91a29559024 100644 --- a/2014/3xxx/CVE-2014-3718.json +++ b/2014/3xxx/CVE-2014-3718.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3718", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web script or HTML via the (1) find, (2) lib, or (3) sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/126654/Aleph-500-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/126654/Aleph-500-Cross-Site-Scripting.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/May/67", + "url": "http://seclists.org/fulldisclosure/2014/May/67" } ] } diff --git a/2014/3xxx/CVE-2014-3719.json b/2014/3xxx/CVE-2014-3719.json index 3f0724bb4e5..0dddd4b55d5 100644 --- a/2014/3xxx/CVE-2014-3719.json +++ b/2014/3xxx/CVE-2014-3719.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3719", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/126635/Aleph-500-SQL-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/May/65", + "url": "http://seclists.org/fulldisclosure/2014/May/65" } ] } diff --git a/2018/11xxx/CVE-2018-11805.json b/2018/11xxx/CVE-2018-11805.json index 6bfe0a19aa3..d4c3e001598 100644 --- a/2018/11xxx/CVE-2018-11805.json +++ b/2018/11xxx/CVE-2018-11805.json @@ -173,6 +173,11 @@ "refsource": "MLIST", "name": "[spamassassin-users] 20200130 Re: ANNOUNCE: Apache SpamAssassin 3.4.4 available", "url": "https://lists.apache.org/thread.html/r2578c486552637bfedbe624940cc60d6463bd90044c887bdebb75e74@%3Cusers.spamassassin.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands", + "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E" } ] }, diff --git a/2020/1xxx/CVE-2020-1930.json b/2020/1xxx/CVE-2020-1930.json index 7bf58d3e626..da4e7470edd 100644 --- a/2020/1xxx/CVE-2020-1930.json +++ b/2020/1xxx/CVE-2020-1930.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648", "url": "https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200130 [CVE-2020-1930] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands", + "url": "https://lists.apache.org/thread.html/r6729f3d3be754a06c39bb4f11c925a3631e8ea2b4c865546d755cb0a@%3Cannounce.apache.org%3E" } ] }, diff --git a/2020/5xxx/CVE-2020-5228.json b/2020/5xxx/CVE-2020-5228.json index 87f6c81e92d..8ac2f789d16 100644 --- a/2020/5xxx/CVE-2020-5228.json +++ b/2020/5xxx/CVE-2020-5228.json @@ -38,7 +38,7 @@ "description_data": [ { "lang": "eng", - "value": "Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH.\nOAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. \nThis leads to users unknowingly handing out public access to events without their knowledge.\n\nThe problem has been addressed in Opencast 7.6 and 8.1 where the OAI-PMH endpoint is configured to require users with `ROLE_ADMIN` by default. In addition to this, Opencast 9 removes the OAI-PMH publication from the default workflow, making the publication a conscious decision users have to make by updating their workflows." + "value": "Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public access to events without their knowledge. The problem has been addressed in Opencast 7.6 and 8.1 where the OAI-PMH endpoint is configured to require users with `ROLE_ADMIN` by default. In addition to this, Opencast 9 removes the OAI-PMH publication from the default workflow, making the publication a conscious decision users have to make by updating their workflows." } ] }, @@ -88,4 +88,4 @@ "advisory": "GHSA-6f54-3qr9-pjgj", "discovery": "UNKNOWN" } -} +} \ No newline at end of file