From 5d2ca12337fef78c42c5f155e46a21bdd918833a Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 3 Jan 2020 20:01:04 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2012/5xxx/CVE-2012-5693.json | 48 +++++++++++++++++++++++-
 2012/5xxx/CVE-2012-5878.json | 53 +++++++++++++++++++++++++-
 2014/10xxx/CVE-2014-10398.json | 62 +++++++++++++++++++++++++++++++
 2014/4xxx/CVE-2014-4196.json | 48 +++++++++++++++++++++++-
 2014/5xxx/CVE-2014-5140.json | 68 +++++++++++++++++++++++++++++++++-
 2014/5xxx/CVE-2014-5516.json | 58 ++++++++++++++++++++++++++++-
 2014/8xxx/CVE-2014-8337.json | 53 +++++++++++++++++++++++++-
 2019/16xxx/CVE-2019-16869.json | 5 +++
 2019/19xxx/CVE-2019-19231.json | 5 +++
 2020/5xxx/CVE-2020-5395.json | 62 +++++++++++++++++++++++++++++++
 10 files changed, 450 insertions(+), 12 deletions(-)
 create mode 100644 2014/10xxx/CVE-2014-10398.json
 create mode 100644 2020/5xxx/CVE-2020-5395.json
diff --git a/2012/5xxx/CVE-2012-5693.json b/2012/5xxx/CVE-2012-5693.json
index 4626af6b355..12830fa1dc0 100644
--- a/2012/5xxx/CVE-2012-5693.json
+++ b/2012/5xxx/CVE-2012-5693.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-5693",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.htbridge.com/advisory/HTB23123",
+ "url": "https://www.htbridge.com/advisory/HTB23123"
 }
 ]
 }
diff --git a/2012/5xxx/CVE-2012-5878.json b/2012/5xxx/CVE-2012-5878.json
index 617c2b0f17d..93ff07d500a 100644
--- a/2012/5xxx/CVE-2012-5878.json
+++ b/2012/5xxx/CVE-2012-5878.json
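Review bot: The `affects` block added to CVE-2012-5693 leaves `"vendor_name"`, `"product_name"` and `"version_value"` at `"n/a"` although the description in the same hunk names the vendor, the product and the fixed version, so scanners and inventory tools that match on the structured fields cannot associate this record with an installed SPF. Populate them from the description, e.g. `"vendor_name": "Bulb Security"`, `"product_name": "Smartphone Pentest Framework (SPF)"`, `"version_value": "before 0.1.3"`; `problemtype` could likewise carry CWE-78 rather than `n/a`, since the text describes command injection through shell metacharacters. The same placeholders are added in the CVE-2012-5878, CVE-2014-10398, CVE-2014-4196, CVE-2014-5140, CVE-2014-5516, CVE-2014-8337 and CVE-2020-5395 hunks.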
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2012-5878",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.htbridge.com/advisory/HTB23123",
+ "url": "https://www.htbridge.com/advisory/HTB23123"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.htbridge.com/advisory/HTB23127",
+ "url": "https://www.htbridge.com/advisory/HTB23127"
 }
 ]
 }
diff --git a/2014/10xxx/CVE-2014-10398.json b/2014/10xxx/CVE-2014-10398.json
new file mode 100644
index 00000000000..8d07900d9ea
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10398.json
@@ -0,0 +1,62 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2014-10398",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt",
+ "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/4xxx/CVE-2014-4196.json b/2014/4xxx/CVE-2014-4196.json
index d1c91b95262..133cd197d73 100644
--- a/2014/4xxx/CVE-2014-4196.json
+++ b/2014/4xxx/CVE-2014-4196.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-4196",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
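Review bot: The new CVE-2014-10398.json ends with `\ No newline at end of file`, and its top-level keys are serialized in a different order (`data_type` first, `description` last) from the other file created in this commit, CVE-2020-5395.json, which starts with `CVE_data_meta` and also writes `url` before `refsource` in its reference entry. Key order carries no meaning in JSON, but emitting every record through one serializer with a fixed key order and a trailing newline would keep later synchronisation diffs limited to real content changes. The record also shares its only reference with CVE-2014-4196 without saying how the two differ; a short NOTE in the description, like the one CVE-2012-5693 carries for CVE-2012-5878, would help triage.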
@@ -11,7 +11,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt",
+ "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2014-009.txt"
 }
 ]
 }
diff --git a/2014/5xxx/CVE-2014-5140.json b/2014/5xxx/CVE-2014-5140.json
index 5b2927b848d..5fbd842ac34 100644
--- a/2014/5xxx/CVE-2014-5140.json
+++ b/2014/5xxx/CVE-2014-5140.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5140",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,71 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct SQL injection attacks via the First name and Last name fields in the address book."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/128183/Loaded-Commerce-7-Shopping-Cart-SQL-Injection.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/",
+ "url": "http://resources.infosecinstitute.com/exploiting-systemic-query-vulnerabilities-attempt-re-invent-pdo/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.exploit-db.com/exploits/34552",
+ "url": "http://www.exploit-db.com/exploits/34552"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95791"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/loadedcommerce/loaded7/pull/520",
+ "url": "https://github.com/loadedcommerce/loaded7/pull/520"
 }
 ]
 }
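Review bot: Three of the five references added to CVE-2014-5140 use cleartext `http://` URLs (packetstormsecurity.com, resources.infosecinstitute.com, www.exploit-db.com), so anyone following them from the record fetches advisory and exploit-archive pages over a channel that can be altered in transit. If those hosts serve the same paths over TLS, which cannot be verified from this diff, store the `https://` form, e.g. `"url": "https://www.exploit-db.com/exploits/34552"`. The same applies to the `http://` references added in the CVE-2014-5516, CVE-2014-8337 and CVE-2019-19231 hunks.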
diff --git a/2014/5xxx/CVE-2014-5516.json b/2014/5xxx/CVE-2014-5516.json
index 9366292c61a..dd464b46739 100644
--- a/2014/5xxx/CVE-2014-5516.json
+++ b/2014/5xxx/CVE-2014-5516.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-5516",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,61 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html",
+ "url": "http://packetstormsecurity.com/files/128342/KonaKart-Storefront-Application-Cross-Site-Request-Forgery.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt",
+ "url": "http://www.christian-schneider.net/advisories/CVE-2014-5516.txt"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new",
+ "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new"
 }
 ]
 }
diff --git a/2014/8xxx/CVE-2014-8337.json b/2014/8xxx/CVE-2014-8337.json
index 71334e9527d..3c1e840456c 100644
--- a/2014/8xxx/CVE-2014-8337.json
+++ b/2014/8xxx/CVE-2014-8337.json
@@ -2,7 +2,7 @@
 "CVE_data_meta": {
 "ASSIGNER": "cve@mitre.org",
 "ID": "CVE-2014-8337",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,7 +11,56 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Unrestricted file upload vulnerability in includes/classes/uploadify-v2.1.4/uploadify.php in HelpDEZk 1.0.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the folder parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html",
+ "url": "http://packetstormsecurity.com/files/128979/HelpDEZk-1.0.1-Unrestricted-File-Upload.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.htbridge.com/advisory/HTB23239",
+ "url": "https://www.htbridge.com/advisory/HTB23239"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json
index dc6888b02dc..b05768047e4 100644
--- a/2019/16xxx/CVE-2019-16869.json
+++ b/2019/16xxx/CVE-2019-16869.json
@@ -261,6 +261,11 @@
 "refsource": "MLIST",
 "name": "[olingo-dev] 20191227 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
 "url": "https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd@%3Cdev.olingo.apache.org%3E"
+ },
+ {
+ "refsource": "DEBIAN",
+ "name": "DSA-4597",
+ "url": "https://www.debian.org/security/2020/dsa-4597"
 }
 ]
 }
diff --git a/2019/19xxx/CVE-2019-19231.json b/2019/19xxx/CVE-2019-19231.json
index 2b1dbaa6202..2f3844c5373 100644
--- a/2019/19xxx/CVE-2019-19231.json
+++ b/2019/19xxx/CVE-2019-19231.json
@@ -102,6 +102,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/155758/CA-Client-Automation-14.x-Privilege-Escalation.html",
 "url": "http://packetstormsecurity.com/files/155758/CA-Client-Automation-14.x-Privilege-Escalation.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20200103 CA20191218-01: Security Notice for CA Client Automation Agent for Windows",
+ "url": "http://seclists.org/fulldisclosure/2020/Jan/5"
 }
 ]
 },
diff --git a/2020/5xxx/CVE-2020-5395.json b/2020/5xxx/CVE-2020-5395.json
new file mode 100644
index 00000000000..3013e3d730c
--- /dev/null
+++ b/2020/5xxx/CVE-2020-5395.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-5395",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/fontforge/fontforge/issues/4084",
+ "refsource": "MISC",
+ "name": "https://github.com/fontforge/fontforge/issues/4084"
+ }
+ ]
+ }
+}
\ No newline at end of file