diff --git a/2019/4xxx/CVE-2019-4323.json b/2019/4xxx/CVE-2019-4323.json
index 0141fbb6e20..4ab37142df9 100644
--- a/2019/4xxx/CVE-2019-4323.json
+++ b/2019/4xxx/CVE-2019-4323.json
@@ -1,17 +1,66 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4323",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-4323",
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "\"HCL AppScan Enterprise\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\"Version 10.0.0 and below\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Clickjacking\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572&sys_kb_id=3668a078dbb9101855f38d6d13961955",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080572&sys_kb_id=3668a078dbb9101855f38d6d13961955"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame.\""
 }
 ]
 }
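Review bot: The new string values carry escaped double quotes as part of the data (`"product_name": "\"HCL AppScan Enterprise\""`, `"version_value": "\"Version 10.0.0 and below\""`, `"value": "\"Clickjacking\""` and the description text), so any consumer that matches on product name or version compares against a string that begins and ends with a literal quote character. They should be plain values, `"product_name": "HCL AppScan Enterprise"` and `"version_value": "Version 10.0.0 and below"`. `"vendor_name": "n/a"` also leaves the vendor unset although the assigner is psirt@hcl.com and the vendor appears inside the product name, which looks like it belongs in `vendor_name`. The MISC and CONFIRM references appear to point at the same KB article (KB0080572) under two query strings, so one of them is likely redundant. The same quoting and the same `n/a` vendor occur in the CVE-2019-4324.json hunk that follows.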
diff --git a/2019/4xxx/CVE-2019-4324.json b/2019/4xxx/CVE-2019-4324.json
index debfe5e3d74..cd83c332c48 100644
--- a/2019/4xxx/CVE-2019-4324.json
+++ b/2019/4xxx/CVE-2019-4324.json
@@ -1,17 +1,66 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-4324",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-4324",
+ "ASSIGNER": "psirt@hcl.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "\"HCL AppScan Enterprise\"",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "\"Version 10.0.0 and below\""
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "\"Cross-site scripting\""
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080574",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080574"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.hcltechsw.com/csm?id=kb_article&sys_id=cd5030b4dbbd101855f38d6d13961958",
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sys_id=cd5030b4dbbd101855f38d6d13961958"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "\"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy.\""
 }
 ]
 }
diff --git a/2019/5xxx/CVE-2019-5508.json b/2019/5xxx/CVE-2019-5508.json
index 3e7cd3be82e..fcd09ef5293 100644
--- a/2019/5xxx/CVE-2019-5508.json
+++ b/2019/5xxx/CVE-2019-5508.json
@@ -55,7 +55,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS)."
+ "value": "Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS)."
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15036.json b/2020/15xxx/CVE-2020-15036.json
index d78aba9779e..eda68a68f10 100644
--- a/2020/15xxx/CVE-2020-15036.json
+++ b/2020/15xxx/CVE-2020-15036.json
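Review bot: The upper bound of the affected range in the CVE-2019-5508 description drops from 9.6 to 9.4, but the structured `affects` block sits above line 55 and is not part of this hunk, so it cannot be seen here whether `version_data` was narrowed as well. If the structured field still carries the old bound, tools that read it and people who read the description will disagree on whether 9.5 and 9.6 need the fix; both places should state the same range. A narrowed range is also easier to trust when the record references the vendor advisory revision that justifies it, so operators on the dropped versions can confirm they are not exposed.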
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15036",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15036",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.nedi.ch/download/",
+ "refsource": "MISC",
+ "name": "https://www.nedi.ch/download/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/sudoninja-noob/c1722c118abc7a562a9a0de726266a19",
+ "url": "https://gist.github.com/sudoninja-noob/c1722c118abc7a562a9a0de726266a19"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15037.json b/2020/15xxx/CVE-2020-15037.json
index 21de6fb9432..919c39c5c08 100644
--- a/2020/15xxx/CVE-2020-15037.json
+++ b/2020/15xxx/CVE-2020-15037.json
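Review bot: The description names the product, version and weakness (NeDi 1.9C, XSS), yet every structured field added in the CVE-2020-15036 hunk is `n/a`: `product_name`, `version_value`, `vendor_name` and the `problemtype` value. Automated matching that keys on those fields will not associate this record with an installed NeDi; populating them, for example `"product_name": "NeDi"`, `"version_value": "1.9C"` and a `problemtype` value of `"CWE-79"`, would close that gap. The description also does not say whether the injection is reflected or stored, or whether the affected page requires an authenticated session, which is what a defender needs in order to rate it. The first reference is the generic download page and does not identify a fixed release. The CVE-2020-15037.json hunk that follows has the same `n/a` fields and the same two references.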
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2020-15037",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2020-15037",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.nedi.ch/download/",
+ "refsource": "MISC",
+ "name": "https://www.nedi.ch/download/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gist.github.com/sudoninja-noob/c1722c118abc7a562a9a0de726266a19",
+ "url": "https://gist.github.com/sudoninja-noob/c1722c118abc7a562a9a0de726266a19"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15563.json b/2020/15xxx/CVE-2020-15563.json
index ff0710ba900..41975e92e97 100644
--- a/2020/15xxx/CVE-2020-15563.json
+++ b/2020/15xxx/CVE-2020-15563.json
@@ -56,6 +56,11 @@
 "url": "http://xenbits.xen.org/xsa/advisory-319.html",
 "refsource": "MISC",
 "name": "http://xenbits.xen.org/xsa/advisory-319.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200707 Xen Security Advisory 319 v3 (CVE-2020-15563) - inverted code paths in x86 dirty VRAM tracking",
+ "url": "http://www.openwall.com/lists/oss-security/2020/07/07/3"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15564.json b/2020/15xxx/CVE-2020-15564.json
index c19cd959fd1..a4dc6a2847c 100644
--- a/2020/15xxx/CVE-2020-15564.json
+++ b/2020/15xxx/CVE-2020-15564.json
@@ -56,6 +56,11 @@
 "url": "http://xenbits.xen.org/xsa/advisory-327.html",
 "refsource": "MISC",
 "name": "http://xenbits.xen.org/xsa/advisory-327.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200707 Xen Security Advisory 327 v3 (CVE-2020-15564) - Missing alignment check in VCPUOP_register_vcpu_info",
+ "url": "http://www.openwall.com/lists/oss-security/2020/07/07/5"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15565.json b/2020/15xxx/CVE-2020-15565.json
index 0909793f9f9..3d1aa02cb38 100644
--- a/2020/15xxx/CVE-2020-15565.json
+++ b/2020/15xxx/CVE-2020-15565.json
@@ -56,6 +56,11 @@
 "url": "http://xenbits.xen.org/xsa/advisory-321.html",
 "refsource": "MISC",
 "name": "http://xenbits.xen.org/xsa/advisory-321.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200707 Xen Security Advisory 321 v3 (CVE-2020-15565) - insufficient cache write-back under VT-d",
+ "url": "http://www.openwall.com/lists/oss-security/2020/07/07/4"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15566.json b/2020/15xxx/CVE-2020-15566.json
index c32e808c572..e052d60bdd9 100644
--- a/2020/15xxx/CVE-2020-15566.json
+++ b/2020/15xxx/CVE-2020-15566.json
@@ -56,6 +56,11 @@
 "url": "http://xenbits.xen.org/xsa/advisory-317.html",
 "refsource": "MISC",
 "name": "http://xenbits.xen.org/xsa/advisory-317.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200707 Xen Security Advisory 317 v3 (CVE-2020-15566) - Incorrect error handling in event channel port allocation",
+ "url": "http://www.openwall.com/lists/oss-security/2020/07/07/2"
 }
 ]
 }
diff --git a/2020/15xxx/CVE-2020-15567.json b/2020/15xxx/CVE-2020-15567.json
index c8c6c94a157..400a32010e7 100644
--- a/2020/15xxx/CVE-2020-15567.json
+++ b/2020/15xxx/CVE-2020-15567.json
@@ -56,6 +56,11 @@
 "url": "http://xenbits.xen.org/xsa/advisory-328.html",
 "refsource": "MISC",
 "name": "http://xenbits.xen.org/xsa/advisory-328.html"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20200707 Xen Security Advisory 328 v3 (CVE-2020-15567) - non-atomic modification of live EPT PTE",
+ "url": "http://www.openwall.com/lists/oss-security/2020/07/07/6"
 }
 ]
 }