diff --git a/2005/4xxx/CVE-2005-4891.json b/2005/4xxx/CVE-2005-4891.json index be3d7f5b81d..c76d4136dc7 100644 --- a/2005/4xxx/CVE-2005-4891.json +++ b/2005/4xxx/CVE-2005-4891.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2005-4891", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Simple Machine Forum", + "product": { + "product_data": [ + { + "product_name": "Simple Machine Forum", + "version": { + "version_data": [ + { + "version_value": "1.0.4 and earlier" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/11/14/10", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/11/14/10" + }, + { + "refsource": "MISC", + "name": "https://securiteam.com/exploits/5HP0N0KG0O/", + "url": "https://securiteam.com/exploits/5HP0N0KG0O/" } ] } diff --git a/2006/7xxx/CVE-2006-7246.json b/2006/7xxx/CVE-2006-7246.json index 5b3b899f6d9..7d9d0bdc79f 100644 --- a/2006/7xxx/CVE-2006-7246.json +++ b/2006/7xxx/CVE-2006-7246.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7246", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=341323", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=341323" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2010/04/22/2", + "url": "http://www.openwall.com/lists/oss-security/2010/04/22/2" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.novell.com/show_bug.cgi?id=574266", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=574266" + }, + { + "refsource": "MISC", + "name": "https://lwn.net/Articles/468868/", + "url": "https://lwn.net/Articles/468868/" } ] } diff --git a/2007/4xxx/CVE-2007-4773.json b/2007/4xxx/CVE-2007-4773.json index e6ffbf54ee4..f8e1525805d 100644 --- a/2007/4xxx/CVE-2007-4773.json +++ b/2007/4xxx/CVE-2007-4773.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4773", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Systrace before 1.6.0 has insufficient escape policy enforcement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.citi.umich.edu/u/provos/systrace/", + "refsource": "MISC", + "name": "http://www.citi.umich.edu/u/provos/systrace/" + }, + { + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.html", + "url": "http://taviso.decsystem.org/research.html" + }, + { + "url": "http://taviso.decsystem.org/research.t2t", + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.t2t" + }, + { + "refsource": "MISC", + "name": "https://www.provos.org/index.php?/archives/2007/12/C2.html", + "url": "https://www.provos.org/index.php?/archives/2007/12/C2.html" } ] } diff --git a/2007/4xxx/CVE-2007-4774.json b/2007/4xxx/CVE-2007-4774.json index fb6267d6fa0..92b4a46f28b 100644 --- a/2007/4xxx/CVE-2007-4774.json +++ b/2007/4xxx/CVE-2007-4774.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4774", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://taviso.decsystem.org/research.html", + "url": "http://taviso.decsystem.org/research.html" + }, + { + "url": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60", + "refsource": "MISC", + "name": "https://osdn.net/projects/linux-kernel-docs/scm/git/linux-2.4.36/listCommit?skip=60" } ] } diff --git a/2007/6xxx/CVE-2007-6070.json b/2007/6xxx/CVE-2007-6070.json index 62936f29abc..a260ab20734 100644 --- a/2007/6xxx/CVE-2007-6070.json +++ b/2007/6xxx/CVE-2007-6070.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2007-6070", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2007-6070", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2007/6xxx/CVE-2007-6758.json b/2007/6xxx/CVE-2007-6758.json index 9db6272db84..56476545e57 100644 --- a/2007/6xxx/CVE-2007-6758.json +++ b/2007/6xxx/CVE-2007-6758.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6758", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://cxsecurity.com/issue/WLB-2015050162", + "refsource": "MISC", + "name": "http://cxsecurity.com/issue/WLB-2015050162" + }, + { + "refsource": "MISC", + "name": "http://attrition.org/pipermail/vim/2007-April/001545.html", + "url": "http://attrition.org/pipermail/vim/2007-April/001545.html" } ] } diff --git a/2008/7xxx/CVE-2008-7314.json b/2008/7xxx/CVE-2008-7314.json index 68f5b43a208..328a0f3b6e4 100644 --- a/2008/7xxx/CVE-2008-7314.json +++ b/2008/7xxx/CVE-2008-7314.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2008-7314", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mIRC", + "product": { + "product_data": [ + { + "product_name": "mIRC", + "version": { + "version_data": [ + { + "version_value": "before 6.35" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mIRC before 6.35 allows attackers to cause a denial of service (crash) via a long nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.mirc.com/news.html", + "url": "http://www.mirc.com/news.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mirc.com/versions.txt", + "url": "https://www.mirc.com/versions.txt" } ] } diff --git a/2009/1xxx/CVE-2009-1120.json b/2009/1xxx/CVE-2009-1120.json index 02f3382c1ac..a3143629541 100644 --- a/2009/1xxx/CVE-2009-1120.json +++ b/2009/1xxx/CVE-2009-1120.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secure@dell.com", "ID": "CVE-2009-1120", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RepliStor", + "version": { + "version_data": [ + { + "version_value": "before ESA-09-003" + } + ] + } + } + ] + }, + "vendor_name": "EMC" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remote Code Execution Vulnerability. The flaw exists within the DoRcvRpcCall RPC function -exposed via the rep_srv.exe process- where the vulnerability is caused by an error when the rep_srv.exe handles a specially crafted packet sent by an unauthenticated attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/", + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-068/" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution", + "url": "https://fortiguard.com/encyclopedia/ips/17967/emc-replistor-server-service-doasocommand-code-execution" } ] } diff --git a/2009/3xxx/CVE-2009-3724.json b/2009/3xxx/CVE-2009-3724.json index 5f2bf87c31f..7bb35155c46 100644 --- a/2009/3xxx/CVE-2009-3724.json +++ b/2009/3xxx/CVE-2009-3724.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-3724", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "python-markdown2", + "product": { + "product_data": [ + { + "product_name": "python-markdown2", + "version": { + "version_data": [ + { + "version_value": "before 1.0.1.14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2009/10/29/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2009/10/29/5" + }, + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000", + "url": "https://snyk.io/vuln/SNYK-PYTHON-PYRAD-40000" } ] } diff --git a/2009/5xxx/CVE-2009-5025.json b/2009/5xxx/CVE-2009-5025.json index 879df95e7c0..b65a1aeb1e4 100644 --- a/2009/5xxx/CVE-2009-5025.json +++ b/2009/5xxx/CVE-2009-5025.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-5025", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PyForum", + "product": { + "product_data": [ + { + "product_name": "PyForum", + "version": { + "version_data": [ + { + "version_value": "v1.0.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://packetstormsecurity.com/files/cve/CVE-2009-5025", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2009-5025" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/26/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/26/7" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2009/Nov/353", + "url": "https://seclists.org/fulldisclosure/2009/Nov/353" } ] } diff --git a/2009/5xxx/CVE-2009-5068.json b/2009/5xxx/CVE-2009-5068.json index 9054c098fa6..8c549885d3a 100644 --- a/2009/5xxx/CVE-2009-5068.json +++ b/2009/5xxx/CVE-2009-5068.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-5068", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SMF", + "product": { + "product_data": [ + { + "product_name": "SMF", + "version": { + "version_data": [ + { + "version_value": "through 2.0.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a file disclosure vulnerability in SMF (Simple Machines Forum) affecting versions through v2.0.3. On some configurations a SMF deployment is shared by several \"co-admins\" that are not trusted beyond the SMF deployment. This vulnerability allows them to read arbitrary files on the filesystem and therefore gain new privileges by reading the settings.php with the database passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "file disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2013/02/01/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/01/4" } ] } diff --git a/2010/0xxx/CVE-2010-0055.json b/2010/0xxx/CVE-2010-0055.json index cf240762dee..87ef28944fb 100644 --- a/2010/0xxx/CVE-2010-0055.json +++ b/2010/0xxx/CVE-2010-0055.json @@ -61,6 +61,11 @@ "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6490123c7c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXQ3NRRTC4A3F3GW2RQNATJHYDIRSCBS/" } ] } diff --git a/2010/2xxx/CVE-2010-2076.json b/2010/2xxx/CVE-2010-2076.json index 0fb8d6a65a2..8001039afce 100644 --- a/2010/2xxx/CVE-2010-2076.json +++ b/2010/2xxx/CVE-2010-2076.json @@ -101,6 +101,11 @@ "name": "40969", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40969" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2010/2xxx/CVE-2010-2247.json b/2010/2xxx/CVE-2010-2247.json index dea3e0b0ee4..c904262f2bb 100644 --- a/2010/2xxx/CVE-2010-2247.json +++ b/2010/2xxx/CVE-2010-2247.json @@ -61,6 +61,16 @@ "url": "https://access.redhat.com/security/cve/cve-2010-2247", "refsource": "MISC", "name": "https://access.redhat.com/security/cve/cve-2010-2247" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-1db19e75db", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JLAGK43ZTRNAMRO7JI2AW4BAZS35QSEE/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a5b60d0c2b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLHAXN3XRR7RJ73SJTBSW3GZT4GLHI33/" } ] } diff --git a/2010/3xxx/CVE-2010-3048.json b/2010/3xxx/CVE-2010-3048.json index f4a7bd51b06..cc5405277f6 100644 --- a/2010/3xxx/CVE-2010-3048.json +++ b/2010/3xxx/CVE-2010-3048.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2010-3048", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Unified Personal Communicator", + "version": { + "version_data": [ + { + "version_value": "7.0 (1.13056)" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.fuzzmyapp.com/advisories/FMA-2010-002/FMA-2010-002-EN.xml", + "refsource": "MISC", + "name": "http://www.fuzzmyapp.com/advisories/FMA-2010-002/FMA-2010-002-EN.xml" } ] } diff --git a/2010/3xxx/CVE-2010-3295.json b/2010/3xxx/CVE-2010-3295.json index 92254b5296c..08280ad0f6a 100644 --- a/2010/3xxx/CVE-2010-3295.json +++ b/2010/3xxx/CVE-2010-3295.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2010-3295", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2010-3295", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2011/0xxx/CVE-2011-0467.json b/2011/0xxx/CVE-2011-0467.json index 596b65a8dc0..97443487439 100644 --- a/2011/0xxx/CVE-2011-0467.json +++ b/2011/0xxx/CVE-2011-0467.json @@ -54,7 +54,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in the listing of available software of SUSE SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1." + "value": "A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1." } ] }, diff --git a/2011/1xxx/CVE-2011-1096.json b/2011/1xxx/CVE-2011-1096.json index fc4a3ca8f12..264133fbff8 100644 --- a/2011/1xxx/CVE-2011-1096.json +++ b/2011/1xxx/CVE-2011-1096.json @@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html", "url": "https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4@%3Ccommits.cxf.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2011/2xxx/CVE-2011-2668.json b/2011/2xxx/CVE-2011-2668.json index 1cd8759647b..a60b89d6882 100644 --- a/2011/2xxx/CVE-2011-2668.json +++ b/2011/2xxx/CVE-2011-2668.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-2668", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "1.5.0.3 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the content-length header" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "header mishandling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://jvn.jp/en/jp/JVN36721438/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN36721438/index.html" } ] } diff --git a/2011/2xxx/CVE-2011-2669.json b/2011/2xxx/CVE-2011-2669.json index ce2c42fe8b4..c88d2af8a44 100644 --- a/2011/2xxx/CVE-2011-2669.json +++ b/2011/2xxx/CVE-2011-2669.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-2669", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Mozilla", + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "prior to 3.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue in the validation of certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://jvn.jp/en/jp/JVN70984231/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN70984231/index.html" } ] } diff --git a/2011/2xxx/CVE-2011-2670.json b/2011/2xxx/CVE-2011-2670.json index bfe07c7ea73..ef4b4f09fca 100644 --- a/2011/2xxx/CVE-2011-2670.json +++ b/2011/2xxx/CVE-2011-2670.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2011-2670", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_value": "before 3.6" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of Cascading Style Sheets" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://jvn.jp/en/jp/JVN74649877/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN74649877/index.html" } ] } diff --git a/2011/2xxx/CVE-2011-2706.json b/2011/2xxx/CVE-2011-2706.json index 51ddf6214dc..c418a3cddcd 100644 --- a/2011/2xxx/CVE-2011-2706.json +++ b/2011/2xxx/CVE-2011-2706.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2706", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "sNews", + "version": { + "version_data": [ + { + "version_value": "1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "sNews" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the reorder administrator functions in sNews 1.71." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/20/17", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/20/17" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2011/May/300", + "url": "https://seclists.org/fulldisclosure/2011/May/300" } ] } diff --git a/2011/2xxx/CVE-2011-2714.json b/2011/2xxx/CVE-2011-2714.json index 9bfd0ae8c68..28d23494daf 100644 --- a/2011/2xxx/CVE-2011-2714.json +++ b/2011/2xxx/CVE-2011-2714.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2714", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Data-module", + "version": { + "version_data": [ + { + "version_value": "6.x-1.0-alpha14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table descriptions, field names, or labels before display." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/26/8" + }, + { + "refsource": "MISC", + "name": "https://www.drupal.org/node/1056470", + "url": "https://www.drupal.org/node/1056470" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2011/Feb/219", + "url": "https://seclists.org/fulldisclosure/2011/Feb/219" } ] } diff --git a/2011/2xxx/CVE-2011-2715.json b/2011/2xxx/CVE-2011-2715.json index ed84903c11f..d6cbd6a936b 100644 --- a/2011/2xxx/CVE-2011-2715.json +++ b/2011/2xxx/CVE-2011-2715.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2715", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Drupal", + "product": { + "product_data": [ + { + "product_name": "Data-module", + "version": { + "version_data": [ + { + "version_value": "6.x-1.0-alpha14" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/07/26/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/07/26/8" + }, + { + "refsource": "MISC", + "name": "https://www.drupal.org/node/1056470", + "url": "https://www.drupal.org/node/1056470" } ] } diff --git a/2011/2xxx/CVE-2011-2933.json b/2011/2xxx/CVE-2011-2933.json index 2981dcb3493..d2351873579 100644 --- a/2011/2xxx/CVE-2011-2933.json +++ b/2011/2xxx/CVE-2011-2933.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2933", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebsiteBaker", + "version": { + "version_data": [ + { + "version_value": "through 2.8.1" + } + ] + } + } + ] + }, + "vendor_name": "WebsiteBaker" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Arbitrary File Upload vulnerability exists in admin/media/upload.php in WebsiteBaker 2.8.1 and earlier due to a failure to restrict uploaded files with .htaccess, .php4, .php5, and .phtl extensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/19/12", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/19/12" } ] } diff --git a/2011/2xxx/CVE-2011-2934.json b/2011/2xxx/CVE-2011-2934.json index e48597cc564..b5f462a7e7b 100644 --- a/2011/2xxx/CVE-2011-2934.json +++ b/2011/2xxx/CVE-2011-2934.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-2934", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebsiteBaker", + "version": { + "version_data": [ + { + "version_value": "through 2.8.1" + } + ] + } + } + ] + }, + "vendor_name": "WebsiteBaker" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross Site Request Forgery (CSRF) vulnerability exists in the administrator functions in WebsiteBaker 2.8.1 and earlier due to inadequate confirmation for sensitive transactions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/19/13", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/19/13" } ] } diff --git a/2011/3xxx/CVE-2011-3172.json b/2011/3xxx/CVE-2011-3172.json index 7f3d8648e0f..2ec81070430 100644 --- a/2011/3xxx/CVE-2011-3172.json +++ b/2011/3xxx/CVE-2011-3172.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE SUSE Linux Enterprise: versions prior to 12." + "value": "A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12." } ] }, diff --git a/2011/3xxx/CVE-2011-3183.json b/2011/3xxx/CVE-2011-3183.json index 56b45a4f45e..8c382f5484f 100644 --- a/2011/3xxx/CVE-2011-3183.json +++ b/2011/3xxx/CVE-2011-3183.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3183", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Concrete CMS", + "version": { + "version_data": [ + { + "version_value": "through 5.4.1.1" + } + ] + } + } + ] + }, + "vendor_name": "Concrete CMS" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/22/11", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/22/11" } ] } diff --git a/2011/3xxx/CVE-2011-3202.json b/2011/3xxx/CVE-2011-3202.json index 178d93819b9..35b300a4b80 100644 --- a/2011/3xxx/CVE-2011-3202.json +++ b/2011/3xxx/CVE-2011-3202.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3202", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jcow CMS", + "version": { + "version_data": [ + { + "version_value": "4.2" + } + ] + } + } + ] + }, + "vendor_name": "Jcow" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the g parameter to index.php in Jcow CMS 4.2 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/30/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/30/5" } ] } diff --git a/2011/3xxx/CVE-2011-3203.json b/2011/3xxx/CVE-2011-3203.json index cc974c9f07f..d983c96fcbe 100644 --- a/2011/3xxx/CVE-2011-3203.json +++ b/2011/3xxx/CVE-2011-3203.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3203", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jcow CMS", + "version": { + "version_data": [ + { + "version_value": "4.x to 4.2 and 5.x to 5.2" + } + ] + } + } + ] + }, + "vendor_name": "Jcow" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Code Execution vulnerability exists the attachment parameter to index.php in Jcow CMS 4.x to 4.2 and 5.2 to 5.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/08/30/6", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/08/30/6" } ] } diff --git a/2011/3xxx/CVE-2011-3389.json b/2011/3xxx/CVE-2011-3389.json index 71d272eed00..01e3d746a1d 100644 --- a/2011/3xxx/CVE-2011-3389.json +++ b/2011/3xxx/CVE-2011-3389.json @@ -516,6 +516,11 @@ "refsource": "CONFIRM", "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2011/3xxx/CVE-2011-3582.json b/2011/3xxx/CVE-2011-3582.json index 2d0a1b22181..0b3304f6e4c 100644 --- a/2011/3xxx/CVE-2011-3582.json +++ b/2011/3xxx/CVE-2011-3582.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3582", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Electron Inc.", + "product": { + "product_data": [ + { + "product_name": "Advanced Electron Forums (AEF)", + "version": { + "version_data": [ + { + "version_value": "through 1.0.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirmation for sensitive transactions in the administrator functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/09/30/3", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/09/30/3" } ] } diff --git a/2011/3xxx/CVE-2011-3595.json b/2011/3xxx/CVE-2011-3595.json index 81b3e1c7392..89e0428eca5 100644 --- a/2011/3xxx/CVE-2011-3595.json +++ b/2011/3xxx/CVE-2011-3595.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3595", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "<= 1.7.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/04/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/04/7" + }, + { + "refsource": "MISC", + "name": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability", + "url": "https://www.rapid7.com/db/vulnerabilities/joomla-20110902-core-xss-vulnerability" + }, + { + "refsource": "MISC", + "name": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29", + "url": "http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-stable%5D_cross_site_scripting%28XSS%29" } ] } diff --git a/2011/3xxx/CVE-2011-3610.json b/2011/3xxx/CVE-2011-3610.json index dfd2c4ffb9f..2c2a68fecb6 100644 --- a/2011/3xxx/CVE-2011-3610.json +++ b/2011/3xxx/CVE-2011-3610.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3610", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Serendipity", + "product": { + "product_data": [ + { + "product_name": "serendipity freetag plugin", + "version": { + "version_data": [ + { + "version_value": "before 3.30" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-site Scripting (XSS) vulnerability exists in the Serendipity freetag plugin before 3.30 in the tagcloud parameter to plugins/serendipity_event_freetag/tagcloud.swf." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/3", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/3" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html", + "url": "https://packetstormsecurity.com/files/105054/Secunia-Security-Advisory-46005.html" + }, + { + "refsource": "MISC", + "name": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs", + "url": "https://git.schokokeks.org/freewvs.git/blob/ddc4be296c9c49987b53be064d6d2a9d12f50452/freewvsdb/plugins.freewvs" } ] } diff --git a/2011/3xxx/CVE-2011-3611.json b/2011/3xxx/CVE-2011-3611.json index 918d926b2bd..1cb41f2f681 100644 --- a/2011/3xxx/CVE-2011-3611.json +++ b/2011/3xxx/CVE-2011-3611.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3611", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UseBB", + "version": { + "version_data": [ + { + "version_value": "before 1.0.12" + } + ] + } + } + ] + }, + "vendor_name": "UseBB" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local File Inclusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/4" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html" + }, + { + "refsource": "MISC", + "name": "https://www.immuniweb.com/advisory/HTB22913", + "url": "https://www.immuniweb.com/advisory/HTB22913" } ] } diff --git a/2011/3xxx/CVE-2011-3612.json b/2011/3xxx/CVE-2011-3612.json index 18325f4a92b..4ffd4e0d979 100644 --- a/2011/3xxx/CVE-2011-3612.json +++ b/2011/3xxx/CVE-2011-3612.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3612", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "UseBB", + "version": { + "version_data": [ + { + "version_value": "before 1.0.12" + } + ] + } + } + ] + }, + "vendor_name": "UseBB" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CSRF" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/4" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/100103/UseBB-1.0.11-Cross-Site-Request-Forgery-Local-File-Inclusion.html" + }, + { + "refsource": "MISC", + "name": "https://www.immuniweb.com/advisory/HTB22913", + "url": "https://www.immuniweb.com/advisory/HTB22913" } ] } diff --git a/2011/3xxx/CVE-2011-3613.json b/2011/3xxx/CVE-2011-3613.json index 73d866de283..4e6098e44ab 100644 --- a/2011/3xxx/CVE-2011-3613.json +++ b/2011/3xxx/CVE-2011-3613.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3613", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vanilla", + "product": { + "product_data": [ + { + "product_name": "Vanilla Forums", + "version": { + "version_data": [ + { + "version_value": "before 2.0.17.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cookie theft" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/5" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html", + "url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html" } ] } diff --git a/2011/3xxx/CVE-2011-3614.json b/2011/3xxx/CVE-2011-3614.json index 83ab13ba0d4..6369efb7c79 100644 --- a/2011/3xxx/CVE-2011-3614.json +++ b/2011/3xxx/CVE-2011-3614.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3614", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Vanilla", + "product": { + "product_data": [ + { + "product_name": "Vanilla Forums", + "version": { + "version_data": [ + { + "version_value": "before 2.0.17.9" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "incorrect access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/10/5", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/10/5" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html", + "url": "https://packetstormsecurity.com/files/105853/Secunia-Security-Advisory-46387.html" } ] } diff --git a/2011/3xxx/CVE-2011-3621.json b/2011/3xxx/CVE-2011-3621.json index da5aac69f26..d8ec627a28d 100644 --- a/2011/3xxx/CVE-2011-3621.json +++ b/2011/3xxx/CVE-2011-3621.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3621", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "FluxBB", + "product": { + "product_data": [ + { + "product_name": "FluxBB", + "version": { + "version_data": [ + { + "version_value": "before 1.4.7" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "mishandles reverse proxying" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/18/8", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/18/8" + }, + { + "refsource": "MISC", + "name": "https://fluxbb.org/forums/viewtopic.php?id=5751", + "url": "https://fluxbb.org/forums/viewtopic.php?id=5751" } ] } diff --git a/2011/3xxx/CVE-2011-3622.json b/2011/3xxx/CVE-2011-3622.json index 7b9339ea16f..43f5b174300 100644 --- a/2011/3xxx/CVE-2011-3622.json +++ b/2011/3xxx/CVE-2011-3622.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3622", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Phorum", + "product": { + "product_data": [ + { + "product_name": "Phorum", + "version": { + "version_data": [ + { + "version_value": "before 5.2.18" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/18/9", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/18/9" + }, + { + "refsource": "MISC", + "name": "https://www.phorum.org/phorum5/read.php?64,149588", + "url": "https://www.phorum.org/phorum5/read.php?64,149588" } ] } diff --git a/2011/4xxx/CVE-2011-4094.json b/2011/4xxx/CVE-2011-4094.json index 01641a833d7..394486b5dae 100644 --- a/2011/4xxx/CVE-2011-4094.json +++ b/2011/4xxx/CVE-2011-4094.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4094", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jara", + "product": { + "product_data": [ + { + "product_name": "Jara", + "version": { + "version_data": [ + { + "version_value": "1.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jara 1.6 has a SQL injection vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/31/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/31/4" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/fulldisclosure/2011/Oct/767", + "url": "https://seclists.org/fulldisclosure/2011/Oct/767" + }, + { + "refsource": "EXPLOIT-DB", + "name": "Exploit Database", + "url": "https://www.exploit-db.com/exploits/18020" } ] } diff --git a/2011/4xxx/CVE-2011-4095.json b/2011/4xxx/CVE-2011-4095.json index ee794fb09cf..d21c6407850 100644 --- a/2011/4xxx/CVE-2011-4095.json +++ b/2011/4xxx/CVE-2011-4095.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4095", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jara", + "version": { + "version_data": [ + { + "version_value": "1.6" + } + ] + } + } + ] + }, + "vendor_name": "Jara" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jara 1.6 has an XSS vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/10/31/4", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/10/31/4" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/oss-sec/2011/q4/193", + "url": "https://seclists.org/oss-sec/2011/q4/193" } ] } diff --git a/2011/4xxx/CVE-2011-4322.json b/2011/4xxx/CVE-2011-4322.json index ad24476496e..7894b26e4d5 100644 --- a/2011/4xxx/CVE-2011-4322.json +++ b/2011/4xxx/CVE-2011-4322.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4322", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "websitebaker", + "product": { + "product_data": [ + { + "product_name": "websitebaker", + "version": { + "version_data": [ + { + "version_value": "prior to and including 2.8.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "websitebaker prior to and including 2.8.1 has an authentication error in backup module." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/11/21/2", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/11/21/2" } ] } diff --git a/2011/4xxx/CVE-2011-4336.json b/2011/4xxx/CVE-2011-4336.json index abd13941973..6312992aa42 100644 --- a/2011/4xxx/CVE-2011-4336.json +++ b/2011/4xxx/CVE-2011-4336.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4336", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Tiki", + "product": { + "product_data": [ + { + "product_name": "Wiki CMS Groupware", + "version": { + "version_data": [ + { + "version_value": "7.0" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki Wiki CMS Groupware 7.0 has XSS via the GET \"ajax\" parameter to snarf_ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://seclists.org/bugtraq/2011/Nov/140", + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2011/Nov/140" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/48806/info", + "url": "https://www.securityfocus.com/bid/48806/info" } ] } diff --git a/2011/4xxx/CVE-2011-4558.json b/2011/4xxx/CVE-2011-4558.json index 81a582adcd9..9d449eb17f1 100644 --- a/2011/4xxx/CVE-2011-4558.json +++ b/2011/4xxx/CVE-2011-4558.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-4558", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tiki 8.2 and earlier allows remote administrators to execute arbitrary PHP code via crafted input to the regexres and regex parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/108111/Tiki-Wiki-CMS-Groupware-8.2-Code-Injection.html", + "url": "https://packetstormsecurity.com/files/108111/Tiki-Wiki-CMS-Groupware-8.2-Code-Injection.html" } ] } diff --git a/2011/4xxx/CVE-2011-4907.json b/2011/4xxx/CVE-2011-4907.json index cd2de561355..73eb47dce58 100644 --- a/2011/4xxx/CVE-2011-4907.json +++ b/2011/4xxx/CVE-2011-4907.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4907", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "1.5x through 1.5.12" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! 1.5x through 1.5.12: Missing JEXEC Check" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.openwall.com/lists/oss-security/2011/12/25/7", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2011/12/25/7" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html", + "url": "https://developer.joomla.org/security/news/301-20090722-core-file-upload.html" } ] } diff --git a/2011/4xxx/CVE-2011-4943.json b/2011/4xxx/CVE-2011-4943.json index 660df24f456..7a1e9d2a83f 100644 --- a/2011/4xxx/CVE-2011-4943.json +++ b/2011/4xxx/CVE-2011-4943.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4943", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ImpressPages CMS", + "version": { + "version_data": [ + { + "version_value": "before v1.0.13" + } + ] + } + } + ] + }, + "vendor_name": "ImpressPages CMS" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ImpressPages CMS v1.0.12 has Unspecified Remote Code Execution (fixed in v1.0.13)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/23/16", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/23/16" } ] } diff --git a/2011/4xxx/CVE-2011-4944.json b/2011/4xxx/CVE-2011-4944.json index 5cc06752081..84a3e9496cf 100644 --- a/2011/4xxx/CVE-2011-4944.json +++ b/2011/4xxx/CVE-2011-4944.json @@ -146,6 +146,11 @@ "name": "USN-1613-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1613-1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2011/5xxx/CVE-2011-5020.json b/2011/5xxx/CVE-2011-5020.json index 8b954d5c9d4..2323095bf36 100644 --- a/2011/5xxx/CVE-2011-5020.json +++ b/2011/5xxx/CVE-2011-5020.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-5020", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.cloudscan.me/2012/02/cve-2011-5020-online-tv-database-sql.html", + "refsource": "MISC", + "name": "http://www.cloudscan.me/2012/02/cve-2011-5020-online-tv-database-sql.html" } ] } diff --git a/2011/5xxx/CVE-2011-5282.json b/2011/5xxx/CVE-2011-5282.json index 69aa989ce94..f3c4d696c36 100644 --- a/2011/5xxx/CVE-2011-5282.json +++ b/2011/5xxx/CVE-2011-5282.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-5282", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mIRC", + "product": { + "product_data": [ + { + "product_name": "mIRC", + "version": { + "version_data": [ + { + "version_value": "prior to 7.22" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mIRC prior to 7.22 has a message leak because chopping of outbound messages is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "data leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.mirc.com/news.html", + "refsource": "MISC", + "name": "http://www.mirc.com/news.html" } ] } diff --git a/2012/0xxx/CVE-2012-0070.json b/2012/0xxx/CVE-2012-0070.json index efbf3cf83c2..f78d746639b 100644 --- a/2012/0xxx/CVE-2012-0070.json +++ b/2012/0xxx/CVE-2012-0070.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-0070", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "spamdyke", + "product": { + "product_data": [ + { + "product_name": "spamdyke", + "version": { + "version_data": [ + { + "version_value": "prior to 4.2.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "spamdyke prior to 4.2.1: STARTTLS reveals plaintext" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/01/20/7", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/01/20/7" + }, + { + "refsource": "MISC", + "name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070", + "url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-0070" } ] } diff --git a/2012/0xxx/CVE-2012-0334.json b/2012/0xxx/CVE-2012-0334.json index caa8c86e85e..98b51630872 100644 --- a/2012/0xxx/CVE-2012-0334.json +++ b/2012/0xxx/CVE-2012-0334.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-0334", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance AsyncOS", + "version": { + "version_data": [ + { + "version_value": "prior to 7.5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "CONFIRM", + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-0334" } ] } diff --git a/2012/0xxx/CVE-2012-0803.json b/2012/0xxx/CVE-2012-0803.json index e9fd15f8c41..b0c2438104b 100644 --- a/2012/0xxx/CVE-2012-0803.json +++ b/2012/0xxx/CVE-2012-0803.json @@ -61,6 +61,11 @@ "name": "http://svn.apache.org/viewvc?view=revision&revision=1233457", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1233457" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2012/0xxx/CVE-2012-0845.json b/2012/0xxx/CVE-2012-0845.json index 5e770ad9faf..84b6c447685 100644 --- a/2012/0xxx/CVE-2012-0845.json +++ b/2012/0xxx/CVE-2012-0845.json @@ -151,6 +151,11 @@ "name": "http://python.org/download/releases/2.7.3/", "refsource": "CONFIRM", "url": "http://python.org/download/releases/2.7.3/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2012/0xxx/CVE-2012-0945.json b/2012/0xxx/CVE-2012-0945.json index a63387efb18..b422b1e8f81 100644 --- a/2012/0xxx/CVE-2012-0945.json +++ b/2012/0xxx/CVE-2012-0945.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@ubuntu.com", "ID": "CVE-2012-0945", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "whoopsie-daisy", + "product": { + "product_data": [ + { + "product_name": "whoopsie-daisy", + "version": { + "version_data": [ + { + "version_value": "< 0.1.26" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "whoopsie-daisy before 0.1.26: Root user can remove arbitrary files" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "incorrect access control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/ubuntu/+source/whoopsie-daisy/+bug/973687" } ] } diff --git a/2012/1xxx/CVE-2012-1150.json b/2012/1xxx/CVE-2012-1150.json index 8e26d50dbf6..09a1b562686 100644 --- a/2012/1xxx/CVE-2012-1150.json +++ b/2012/1xxx/CVE-2012-1150.json @@ -136,6 +136,11 @@ "name": "http://python.org/download/releases/2.7.3/", "refsource": "CONFIRM", "url": "http://python.org/download/releases/2.7.3/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2012/1xxx/CVE-2012-1316.json b/2012/1xxx/CVE-2012-1316.json index 89dc7803b73..6aba384b68a 100644 --- a/2012/1xxx/CVE-2012-1316.json +++ b/2012/1xxx/CVE-2012-1316.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1316", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "through at least 2012-04-11" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "MISC", + "name": "https://www.secureworks.com/research/transitive-trust", + "url": "https://www.secureworks.com/research/transitive-trust" } ] } diff --git a/2012/1xxx/CVE-2012-1326.json b/2012/1xxx/CVE-2012-1326.json index 1ab53c52dc9..3bf83ea2cbe 100644 --- a/2012/1xxx/CVE-2012-1326.json +++ b/2012/1xxx/CVE-2012-1326.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1326", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "IronPort Web Security Appliance", + "version": { + "version_data": [ + { + "version_value": "<= 7.5" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/52981", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/52981" + }, + { + "refsource": "CONFIRM", + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20120412-CVE-2012-1326" } ] } diff --git a/2012/1xxx/CVE-2012-1495.json b/2012/1xxx/CVE-2012-1495.json index 0b005b61664..1e1acbdd685 100644 --- a/2012/1xxx/CVE-2012-1495.json +++ b/2012/1xxx/CVE-2012-1495.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1495", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "install/index.php in WebCalendar before 1.2.5 allows remote attackers to execute arbitrary code via the form_single_user_login parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", + "url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/" + }, + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/18775", + "url": "https://www.exploit-db.com/exploits/18775" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html", + "url": "https://packetstormsecurity.com/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html", + "url": "https://packetstormsecurity.com/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html" } ] } diff --git a/2012/1xxx/CVE-2012-1496.json b/2012/1xxx/CVE-2012-1496.json index e1b8fa6b375..70e50bf2e1f 100644 --- a/2012/1xxx/CVE-2012-1496.json +++ b/2012/1xxx/CVE-2012-1496.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-1496", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Local file inclusion in WebCalendar before 1.2.5." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/", + "url": "http://sourceforge.net/projects/webcalendar/files/webcalendar%201.2/1.2.5/" } ] } diff --git a/2012/1xxx/CVE-2012-1562.json b/2012/1xxx/CVE-2012-1562.json index e98d62bc081..ac7ad9803db 100644 --- a/2012/1xxx/CVE-2012-1562.json +++ b/2012/1xxx/CVE-2012-1562.json @@ -1,8 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1562", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla! core", + "version": { + "version_data": [ + { + "version_value": "2.5.2" + }, + { + "version_value": "2.5.1" + }, + { + "version_value": "2.5.0" + }, + { + "version_value": "and all 1.7.x and 1.6.x versions" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +43,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! core before 2.5.3 allows unauthorized password change." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/19/11" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html", + "url": "https://developer.joomla.org/security/news/394-20120304-core-password-change.html" } ] } diff --git a/2012/1xxx/CVE-2012-1563.json b/2012/1xxx/CVE-2012-1563.json index 978993543d9..1830cbd2e74 100644 --- a/2012/1xxx/CVE-2012-1563.json +++ b/2012/1xxx/CVE-2012-1563.json @@ -1,8 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-1563", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Joomla!", + "product": { + "product_data": [ + { + "product_name": "Joomla!", + "version": { + "version_data": [ + { + "version_value": "2.5.2" + }, + { + "version_value": "2.5.1" + }, + { + "version_value": "2.5.0" + }, + { + "version_value": "and all 1.7.x and 1.6.x releases" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +43,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Joomla! before 2.5.3 allows Admin Account Creation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Admin Account Creation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/03/19/11", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/03/19/11" + }, + { + "url": "https://www.exploit-db.com/exploits/41156/", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/41156/" + }, + { + "refsource": "MISC", + "name": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html", + "url": "https://developer.joomla.org/security/news/395-20120303-core-privilege-escalation.html" } ] } diff --git a/2012/1xxx/CVE-2012-1592.json b/2012/1xxx/CVE-2012-1592.json index a8d0f999c7d..53bb3b4bf4d 100644 --- a/2012/1xxx/CVE-2012-1592.json +++ b/2012/1xxx/CVE-2012-1592.json @@ -71,6 +71,16 @@ "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2012/03/28/12", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/12" + }, + { + "refsource": "MLIST", + "name": "[struts-issues] 20200122 [jira] [Created] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", + "url": "https://lists.apache.org/thread.html/r348ed455a140273c40b974f0615dee692f7c9b26c6de2118b4280ef2@%3Cissues.struts.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[struts-issues] 20200123 [jira] [Closed] (WW-5055) Fix for security vulnerability CVE-2012-1592 identified in the National Vulnerability Database", + "url": "https://lists.apache.org/thread.html/r93c4e3f6cb138cd117c739714f07e47af547183ba099ba46be2b2a5b@%3Cissues.struts.apache.org%3E" } ] } diff --git a/2012/1xxx/CVE-2012-1695.json b/2012/1xxx/CVE-2012-1695.json index bf040923228..df6a09d5e3e 100644 --- a/2012/1xxx/CVE-2012-1695.json +++ b/2012/1xxx/CVE-2012-1695.json @@ -71,6 +71,11 @@ "name": "MDVSA-2013:150", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2012/2xxx/CVE-2012-2087.json b/2012/2xxx/CVE-2012-2087.json index f7dac0d790c..aa841b61740 100644 --- a/2012/2xxx/CVE-2012-2087.json +++ b/2012/2xxx/CVE-2012-2087.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-2087", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ISPConfig", + "version": { + "version_data": [ + { + "version_value": "3.0.4.3" + } + ] + } + } + ] + }, + "vendor_name": "ISPConfig" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ISPConfig 3.0.4.3: the \"Add new Webdav user\" can chmod and chown entire server from client interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "authentication error" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/04/08/3", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/04/08/3" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74739", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74739" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/04/09/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/04/09/4" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/52936", + "url": "https://www.securityfocus.com/bid/52936" } ] } diff --git a/2012/2xxx/CVE-2012-2378.json b/2012/2xxx/CVE-2012-2378.json index 466d515015a..0a8f5475b8e 100644 --- a/2012/2xxx/CVE-2012-2378.json +++ b/2012/2xxx/CVE-2012-2378.json @@ -86,6 +86,11 @@ "name": "http://svn.apache.org/viewvc?view=revision&revision=1337150", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=revision&revision=1337150" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2012/2xxx/CVE-2012-2379.json b/2012/2xxx/CVE-2012-2379.json index c0ff3921742..c955d64f759 100644 --- a/2012/2xxx/CVE-2012-2379.json +++ b/2012/2xxx/CVE-2012-2379.json @@ -141,6 +141,11 @@ "name": "RHSA-2013:0194", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2012/3xxx/CVE-2012-3451.json b/2012/3xxx/CVE-2012-3451.json index 072c7f897f2..f28a4535ceb 100644 --- a/2012/3xxx/CVE-2012-3451.json +++ b/2012/3xxx/CVE-2012-3451.json @@ -126,6 +126,11 @@ "name": "RHSA-2013:0726", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2012/3xxx/CVE-2012-3821.json b/2012/3xxx/CVE-2012-3821.json index 5b2c11cab46..5c10018e083 100644 --- a/2012/3xxx/CVE-2012-3821.json +++ b/2012/3xxx/CVE-2012-3821.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3821", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Security Bypass vulnerability exists in the activate.asp page in Arial Software Campaign Enterprise 11.0.551, which could let a remote malicious user modify the SerialNumber field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79508", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79508" + }, + { + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0103.html", + "refsource": "MISC", + "name": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0103.html" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/archive/1/524462", + "url": "https://www.securityfocus.com/archive/1/524462" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/56117/info", + "url": "https://www.securityfocus.com/bid/56117/info" } ] } diff --git a/2012/3xxx/CVE-2012-3822.json b/2012/3xxx/CVE-2012-3822.json index 4fc91c59747..bc2df88a5dd 100644 --- a/2012/3xxx/CVE-2012-3822.json +++ b/2012/3xxx/CVE-2012-3822.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3822", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arial Campaign Enterprise before 11.0.551 has unauthorized access to the User-Edit.asp page, which allows remote attackers to enumerate users' credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "refsource": "XF", + "name": "79509", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79509" } ] } diff --git a/2012/3xxx/CVE-2012-3823.json b/2012/3xxx/CVE-2012-3823.json index caf11d15ab5..d8fc616a863 100644 --- a/2012/3xxx/CVE-2012-3823.json +++ b/2012/3xxx/CVE-2012-3823.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3823", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Arial Campaign Enterprise before 11.0.551 stores passwords in clear text and these may be retrieved." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "refsource": "XF", + "name": "79510", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79510" } ] } diff --git a/2012/3xxx/CVE-2012-3824.json b/2012/3xxx/CVE-2012-3824.json index 4df8aa0ec93..2dcd9aeeba1 100644 --- a/2012/3xxx/CVE-2012-3824.json +++ b/2012/3xxx/CVE-2012-3824.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-3824", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Arial Campaign Enterprise before 11.0.551, multiple pages are accessible without authentication or authorization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html", + "refsource": "MISC", + "name": "http://sadgeeksinsnow.blogspot.dk/2012/10/my-first-experiences-bug-hunting-part-2.html" + }, + { + "refsource": "XF", + "name": "79506", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79506" } ] } diff --git a/2012/4xxx/CVE-2012-4030.json b/2012/4xxx/CVE-2012-4030.json index 792dbf171de..cef901e3d55 100644 --- a/2012/4xxx/CVE-2012-4030.json +++ b/2012/4xxx/CVE-2012-4030.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4030", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Chamilo before 1.8.8.6 does not adequately handle user supplied input by the index.php script, which could allow remote attackers to delete arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "78054", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78054" } ] } diff --git a/2012/4xxx/CVE-2012-4284.json b/2012/4xxx/CVE-2012-4284.json index 50d06409c70..28f70fbaa58 100644 --- a/2012/4xxx/CVE-2012-4284.json +++ b/2012/4xxx/CVE-2012-4284.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4284", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/55002", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55002" + }, + { + "url": "http://www.exploit-db.com/exploits/24579", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/24579" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html", + "url": "https://packetstormsecurity.com/files/120643/Viscosity-setuid-set-ViscosityHelper-Privilege-Escalation.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.sparklabs.com/viscosity/releasenotes/mac/", + "url": "https://www.sparklabs.com/viscosity/releasenotes/mac/" } ] } diff --git a/2012/4xxx/CVE-2012-4603.json b/2012/4xxx/CVE-2012-4603.json index 0019ea5bb53..a2ad8c79a17 100644 --- a/2012/4xxx/CVE-2012-4603.json +++ b/2012/4xxx/CVE-2012-4603.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4603", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Citrix XenApp Online Plug-in for Windows 12.1 and earlier, and Citrix Receiver for Windows 3.2 and earlier could allow remote attackers to execute arbitrary code by convincing a target to open a specially crafted file from an SMB or WebDAV fileserver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "55518", + "url": "http://www.securityfocus.com/bid/55518" + }, + { + "refsource": "SECTRACK", + "name": "1027521", + "url": "http://www.securitytracker.com/id?1027521" + }, + { + "refsource": "SECTRACK", + "name": "1027522", + "url": "http://www.securitytracker.com/id?1027522" + }, + { + "refsource": "XF", + "name": "78433", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78433" } ] } diff --git a/2012/4xxx/CVE-2012-4606.json b/2012/4xxx/CVE-2012-4606.json index 7baa5f49640..bf42309a5fb 100644 --- a/2012/4xxx/CVE-2012-4606.json +++ b/2012/4xxx/CVE-2012-4606.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4606", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Citrix XenServer 4.1, 6.0, 5.6 SP2, 5.6 Feature Pack 1, 5.6 Common Criteria, 5.6, 5.5, 5.0, and 5.0 Update 3 contains a Local Privilege Escalation Vulnerability which could allow local users with access to a guest operating system to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "55432", + "url": "http://www.securityfocus.com/bid/55432" } ] } diff --git a/2012/4xxx/CVE-2012-4750.json b/2012/4xxx/CVE-2012-4750.json index fa4601833cf..14c572bc916 100644 --- a/2012/4xxx/CVE-2012-4750.json +++ b/2012/4xxx/CVE-2012-4750.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4750", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Code Execution vulnerability exists in the memcpy function when processing AMF requests in Ezhometech EzServer 7.0, which could let a remote malicious user execute arbitrary code or cause a Denial of Service" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79267", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79267" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/archive/1/524430", + "url": "https://www.securityfocus.com/archive/1/524430" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/117391/Ezhometech-EzServer-7.0-Remote-Heap-Corruption.html", + "url": "https://packetstormsecurity.com/files/117391/Ezhometech-EzServer-7.0-Remote-Heap-Corruption.html" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/55938", + "url": "https://www.securityfocus.com/bid/55938" } ] } diff --git a/2012/4xxx/CVE-2012-4760.json b/2012/4xxx/CVE-2012-4760.json index cb15f531297..f8c24584b83 100644 --- a/2012/4xxx/CVE-2012-4760.json +++ b/2012/4xxx/CVE-2012-4760.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4760", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Privilege Escalation vulnerability exists in the SDBagent service in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56740", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56740" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2012/Nov/108", + "url": "https://seclists.org/bugtraq/2012/Nov/108" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2012-4760", + "url": "https://packetstormsecurity.com/files/cve/CVE-2012-4760" } ] } diff --git a/2012/4xxx/CVE-2012-4761.json b/2012/4xxx/CVE-2012-4761.json index 41275a0d23a..550e8edc504 100644 --- a/2012/4xxx/CVE-2012-4761.json +++ b/2012/4xxx/CVE-2012-4761.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4761", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Privilege Escalation vulnerability exists in the unquoted Service Binary in SDPAgent or SDBAgent in Safend Data Protector Agent 3.4.5586.9772, which could let a local malicious user obtain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56740", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56740" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2012/Nov/108", + "url": "https://seclists.org/bugtraq/2012/Nov/108" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2012-4760", + "url": "https://packetstormsecurity.com/files/cve/CVE-2012-4760" } ] } diff --git a/2012/4xxx/CVE-2012-4767.json b/2012/4xxx/CVE-2012-4767.json index c30f821ad4e..f2d6f02223a 100644 --- a/2012/4xxx/CVE-2012-4767.json +++ b/2012/4xxx/CVE-2012-4767.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4767", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the securitylayer.log file in the logs.9972 directory, which could let a malicious user decrypt and potentially change the Safend security policies applied to the machine." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56740", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56740" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/118491/Safend-Data-Protector-3.4.5586.9772-Privilege-Escalation.html", + "url": "https://packetstormsecurity.com/files/118491/Safend-Data-Protector-3.4.5586.9772-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/archive/1/524864", + "url": "https://www.securityfocus.com/archive/1/524864" } ] } diff --git a/2012/4xxx/CVE-2012-4863.json b/2012/4xxx/CVE-2012-4863.json index cf14ed09d20..df7d814e91d 100644 --- a/2012/4xxx/CVE-2012-4863.json +++ b/2012/4xxx/CVE-2012-4863.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2012-4863", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "IBM", + "product": { + "product_data": [ + { + "product_name": "WebSphere MQ", + "version": { + "version_data": [ + { + "version_value": "7.1 without Fix Pack 7.1.0.2" + }, + { + "version_value": "7.5 without Fix Pack 7.5.0.1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +37,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79920" + }, + { + "refsource": "MISC", + "name": "https://www.tenable.com/plugins/nessus/63099", + "url": "https://www.tenable.com/plugins/nessus/63099" } ] } diff --git a/2012/4xxx/CVE-2012-4900.json b/2012/4xxx/CVE-2012-4900.json index ab6b5b8bb9d..859b159ef70 100644 --- a/2012/4xxx/CVE-2012-4900.json +++ b/2012/4xxx/CVE-2012-4900.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4900", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/58384", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58384" + }, + { + "url": "http://www.securitytracker.com/id/1028257", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028257" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82674", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82674" } ] } diff --git a/2012/4xxx/CVE-2012-4919.json b/2012/4xxx/CVE-2012-4919.json index 0d32279b375..4fed5a84ced 100644 --- a/2012/4xxx/CVE-2012-4919.json +++ b/2012/4xxx/CVE-2012-4919.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2012-4919", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Gallery Plugin authors", + "product": { + "product_data": [ + { + "product_name": "Gallery", + "version": { + "version_data": [ + { + "version_value": "1.4" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote File Include" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57650", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57650" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81713" } ] } diff --git a/2012/4xxx/CVE-2012-4981.json b/2012/4xxx/CVE-2012-4981.json index 7e3c09dfcf6..5f5382ee65f 100644 --- a/2012/4xxx/CVE-2012-4981.json +++ b/2012/4xxx/CVE-2012-4981.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4981", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/55643", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/55643" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78800" } ] } diff --git a/2012/5xxx/CVE-2012-5190.json b/2012/5xxx/CVE-2012-5190.json index e8120a0f3fb..63604b0995f 100644 --- a/2012/5xxx/CVE-2012-5190.json +++ b/2012/5xxx/CVE-2012-5190.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5190", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57242", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57242" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81163", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81163" } ] } diff --git a/2012/5xxx/CVE-2012-5340.json b/2012/5xxx/CVE-2012-5340.json index 645e016376d..1a5cc3cc901 100644 --- a/2012/5xxx/CVE-2012-5340.json +++ b/2012/5xxx/CVE-2012-5340.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5340", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "23246", + "url": "http://www.exploit-db.com/exploits/23246" } ] } diff --git a/2012/5xxx/CVE-2012-5389.json b/2012/5xxx/CVE-2012-5389.json index b23cc05ed75..69888e72438 100644 --- a/2012/5xxx/CVE-2012-5389.json +++ b/2012/5xxx/CVE-2012-5389.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5389", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/58940", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58940" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83310", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83310" } ] } diff --git a/2012/5xxx/CVE-2012-5575.json b/2012/5xxx/CVE-2012-5575.json index 5cdd78cec45..2fec9213a3d 100644 --- a/2012/5xxx/CVE-2012-5575.json +++ b/2012/5xxx/CVE-2012-5575.json @@ -126,6 +126,11 @@ "name": "RHSA-2013:0874", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0874.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2012/5xxx/CVE-2012-5626.json b/2012/5xxx/CVE-2012-5626.json index 8c9e29f35e6..6df1c721001 100644 --- a/2012/5xxx/CVE-2012-5626.json +++ b/2012/5xxx/CVE-2012-5626.json @@ -1,8 +1,90 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-5626", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "JBoss BRMS", + "version": { + "version_data": [ + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss Enterprise Application Platform", + "version": { + "version_data": [ + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss Operations Network", + "version": { + "version_data": [ + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "JBoss Portal", + "version": { + "version_data": [ + { + "version_value": "4" + }, + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss SOA Platform", + "version": { + "version_data": [ + { + "version_value": "4.2" + }, + { + "version_value": "4.3" + }, + { + "version_value": "5" + } + ] + } + }, + { + "product_name": "JBoss Enterprise Web Server", + "version": { + "version_data": [ + { + "version_value": "1" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +93,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626" + }, + { + "refsource": "CONFIRM", + "name": "https://access.redhat.com/security/cve/cve-2012-5626", + "url": "https://access.redhat.com/security/cve/cve-2012-5626" } ] } diff --git a/2012/5xxx/CVE-2012-5633.json b/2012/5xxx/CVE-2012-5633.json index 5ee6258e60f..13b4e459491 100644 --- a/2012/5xxx/CVE-2012-5633.json +++ b/2012/5xxx/CVE-2012-5633.json @@ -151,6 +151,11 @@ "name": "RHSA-2013:0726", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0726.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2012/5xxx/CVE-2012-5698.json b/2012/5xxx/CVE-2012-5698.json index bfac42b56b1..423e3327bec 100644 --- a/2012/5xxx/CVE-2012-5698.json +++ b/2012/5xxx/CVE-2012-5698.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5698", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BabyGekko before 1.2.4 has SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56523", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56523" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80085", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80085" } ] } diff --git a/2012/5xxx/CVE-2012-5699.json b/2012/5xxx/CVE-2012-5699.json index 5dc72010b5e..df7dd4a7601 100644 --- a/2012/5xxx/CVE-2012-5699.json +++ b/2012/5xxx/CVE-2012-5699.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5699", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BabyGekko before 1.2.4 allows PHP file inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/56523", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/56523" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80086", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80086" } ] } diff --git a/2012/5xxx/CVE-2012-5867.json b/2012/5xxx/CVE-2012-5867.json index 19885bea2dc..a0bbb9d0bcf 100644 --- a/2012/5xxx/CVE-2012-5867.json +++ b/2012/5xxx/CVE-2012-5867.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5867", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/47095", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/47095" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2012/11/14/15", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/11/14/15" } ] } diff --git a/2012/6xxx/CVE-2012-6083.json b/2012/6xxx/CVE-2012-6083.json index c439ad4d3a4..ccd55b06396 100644 --- a/2012/6xxx/CVE-2012-6083.json +++ b/2012/6xxx/CVE-2012-6083.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6083", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "freeciv", + "product": { + "product_data": [ + { + "product_name": "freeciv", + "version": { + "version_data": [ + { + "version_value": "before 2.3.3" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Freeciv before 2.3.3 allows remote attackers to cause a denial of service via a crafted packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/12/31/2", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/12/31/2" + }, + { + "refsource": "MISC", + "name": "https://freeciv.fandom.com/wiki/NEWS-2.3.3", + "url": "https://freeciv.fandom.com/wiki/NEWS-2.3.3" } ] } diff --git a/2012/6xxx/CVE-2012-6114.json b/2012/6xxx/CVE-2012-6114.json index 9241a6b6936..59a2af8ccf6 100644 --- a/2012/6xxx/CVE-2012-6114.json +++ b/2012/6xxx/CVE-2012-6114.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6114", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The git-changelog utility in git-extras 1.7.0 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/changelog or (2) /tmp/.git-effort." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "git-extras", + "product": { + "product_data": [ + { + "product_name": "git-extras", + "version": { + "version_data": [ + { + "version_value": "1.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/01/22/8", + "url": "http://www.openwall.com/lists/oss-security/2013/01/22/8" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/01/23/5", + "url": "http://www.openwall.com/lists/oss-security/2013/01/23/5" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698490" } ] } diff --git a/2012/6xxx/CVE-2012-6302.json b/2012/6xxx/CVE-2012-6302.json index 0720be9115a..9140a7fc416 100644 --- a/2012/6xxx/CVE-2012-6302.json +++ b/2012/6xxx/CVE-2012-6302.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6302", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soapbox within a sandboxed Soapbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2012/12/10/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2012/12/10/1" } ] } diff --git a/2012/6xxx/CVE-2012-6344.json b/2012/6xxx/CVE-2012-6344.json index 25a34530fdb..434a270f20a 100644 --- a/2012/6xxx/CVE-2012-6344.json +++ b/2012/6xxx/CVE-2012-6344.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6344", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Novell ZENworks Configuration Management before 11.2.4 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.microfocus.com/kb/doc.php?id=7012761", + "refsource": "MISC", + "name": "https://support.microfocus.com/kb/doc.php?id=7012761" } ] } diff --git a/2012/6xxx/CVE-2012-6345.json b/2012/6xxx/CVE-2012-6345.json index 3c8900a82ef..e1650a367ae 100644 --- a/2012/6xxx/CVE-2012-6345.json +++ b/2012/6xxx/CVE-2012-6345.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6345", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Novell ZENworks Configuration Management before 11.2.4 allows obtaining sensitive trace information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.microfocus.com/kb/doc.php?id=7012763", + "refsource": "MISC", + "name": "https://support.microfocus.com/kb/doc.php?id=7012763" } ] } diff --git a/2012/6xxx/CVE-2012-6448.json b/2012/6xxx/CVE-2012-6448.json index d2685faea3c..33521a11cec 100644 --- a/2012/6xxx/CVE-2012-6448.json +++ b/2012/6xxx/CVE-2012-6448.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6448", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "38153", + "url": "https://www.exploit-db.com/exploits/38153" } ] } diff --git a/2012/6xxx/CVE-2012-6451.json b/2012/6xxx/CVE-2012-6451.json index 25d1f467e23..105ff2fde28 100644 --- a/2012/6xxx/CVE-2012-6451.json +++ b/2012/6xxx/CVE-2012-6451.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6451", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57761", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57761" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81870", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81870" } ] } diff --git a/2012/6xxx/CVE-2012-6494.json b/2012/6xxx/CVE-2012-6494.json index e9a0afcb7b6..999bc88d18a 100644 --- a/2012/6xxx/CVE-2012-6494.json +++ b/2012/6xxx/CVE-2012-6494.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6494", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Rapid7 Nexpose before 5.5.4 contains a session hijacking vulnerability which allows remote attackers to capture a user's session and gain unauthorized access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "57150", + "url": "http://www.securityfocus.com/bid/57150" + }, + { + "refsource": "XF", + "name": "80982", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80982" } ] } diff --git a/2012/6xxx/CVE-2012-6609.json b/2012/6xxx/CVE-2012-6609.json index 1bd3455c0bd..8fbdeefcee5 100644 --- a/2012/6xxx/CVE-2012-6609.json +++ b/2012/6xxx/CVE-2012-6609.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6609", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2012/Mar/18", + "url": "http://seclists.org/fulldisclosure/2012/Mar/18" + }, + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html", + "url": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html" } ] } diff --git a/2012/6xxx/CVE-2012-6610.json b/2012/6xxx/CVE-2012-6610.json index 06032a688c2..57fcbdce16f 100644 --- a/2012/6xxx/CVE-2012-6610.json +++ b/2012/6xxx/CVE-2012-6610.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6610", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J allows remote authenticated users to execute arbitrary commands as demonstrated by a ; (semicolon) to the ping command feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2012/Mar/18", + "url": "http://seclists.org/fulldisclosure/2012/Mar/18" + }, + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html", + "url": "https://web.archive.org/web/20130317232013/http://blog.tempest.com.br/joao-paulo-campello/polycom-web-management-interface-os-command-injection.html" } ] } diff --git a/2012/6xxx/CVE-2012-6613.json b/2012/6xxx/CVE-2012-6613.json index b695c49dbb7..b61c14efa81 100644 --- a/2012/6xxx/CVE-2012-6613.json +++ b/2012/6xxx/CVE-2012-6613.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6613", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "EXPLOIT-DB", + "name": "22930", + "url": "http://www.exploit-db.com/exploits/22930/" } ] } diff --git a/2012/6xxx/CVE-2012-6649.json b/2012/6xxx/CVE-2012-6649.json index 4adb5e202a5..7a1f31decf2 100644 --- a/2012/6xxx/CVE-2012-6649.json +++ b/2012/6xxx/CVE-2012-6649.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6649", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress WP GPX Maps Plugin 1.1.21 allows remote attackers to execute arbitrary PHP code via improper file upload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "53909", + "url": "http://www.securityfocus.com/bid/53909" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2014/06/26/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/26/4" } ] } diff --git a/2012/6xxx/CVE-2012-6663.json b/2012/6xxx/CVE-2012-6663.json index 0c697378497..11e531155b3 100644 --- a/2012/6xxx/CVE-2012-6663.json +++ b/2012/6xxx/CVE-2012-6663.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6663", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "General Electric D20ME devices are not properly configured and reveal plaintext passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.rapid7.com/db/modules/auxiliary/gather/d20pass", + "refsource": "MISC", + "name": "http://www.rapid7.com/db/modules/auxiliary/gather/d20pass" } ] } diff --git a/2013/0xxx/CVE-2013-0239.json b/2013/0xxx/CVE-2013-0239.json index cfd3f6ef0ff..6a3dd2a892a 100644 --- a/2013/0xxx/CVE-2013-0239.json +++ b/2013/0xxx/CVE-2013-0239.json @@ -96,6 +96,11 @@ "name": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/120214/Apache-CXF-WS-Security-UsernameToken-Bypass.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2013/0xxx/CVE-2013-0286.json b/2013/0xxx/CVE-2013-0286.json index cf759c89298..4db217d5cf2 100644 --- a/2013/0xxx/CVE-2013-0286.json +++ b/2013/0xxx/CVE-2013-0286.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0286", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pinboard theme authors", + "product": { + "product_data": [ + { + "product_name": "Pinboard theme", + "version": { + "version_data": [ + { + "version_value": "1.0.6" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Pinboard 1.0.6 theme for Wordpress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2013/02/14/4", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/14/4" } ] } diff --git a/2013/0xxx/CVE-2013-0294.json b/2013/0xxx/CVE-2013-0294.json index b48cc4dfc27..d06741e34a4 100644 --- a/2013/0xxx/CVE-2013-0294.json +++ b/2013/0xxx/CVE-2013-0294.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-0294", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,86 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "packet.py in pyrad before 2.1 uses weak random numbers to generate RADIUS authenticators and hash passwords, which makes it easier for remote attackers to obtain sensitive information via a brute force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptography" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "pyrad", + "product": { + "product_data": [ + { + "product_name": "pyrad", + "version": { + "version_data": [ + { + "version_value": "before 2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=911682", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=911682" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5", + "url": "https://github.com/wichert/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57984", + "url": "http://www.securityfocus.com/bid/57984" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/02/15/13", + "url": "http://www.openwall.com/lists/oss-security/2013/02/15/13" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82133", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82133" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116567.html" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115705.html" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115677.html" } ] } diff --git a/2013/1xxx/CVE-2013-1437.json b/2013/1xxx/CVE-2013-1437.json index 0eaeacded43..e82f0396468 100644 --- a/2013/1xxx/CVE-2013-1437.json +++ b/2013/1xxx/CVE-2013-1437.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2013-1437", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Eval Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Perl Toolchain Gang", + "product": { + "product_data": [ + { + "product_name": "Module-Metadata", + "version": { + "version_data": [ + { + "version_value": "before 1.000015" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://metacpan.org/changes/distribution/Module-Metadata", + "url": "https://metacpan.org/changes/distribution/Module-Metadata" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114904.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114912.html" } ] } diff --git a/2013/1xxx/CVE-2013-1592.json b/2013/1xxx/CVE-2013-1592.json index 88312df0029..4be679ea80f 100644 --- a/2013/1xxx/CVE-2013-1592.json +++ b/2013/1xxx/CVE-2013-1592.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1592", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57956", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57956" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82064", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82064" + }, + { + "url": "http://www.exploit-db.com/exploits/24511", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/24511" + }, + { + "url": "http://www.securitytracker.com/id/1028148", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028148" + }, + { + "refsource": "MISC", + "name": "http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities", + "url": "http://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1592", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1592" } ] } diff --git a/2013/1xxx/CVE-2013-1593.json b/2013/1xxx/CVE-2013-1593.json index eb85e162f53..2965dae5afb 100644 --- a/2013/1xxx/CVE-2013-1593.json +++ b/2013/1xxx/CVE-2013-1593.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1593", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Denial of Service vulnerability exists in the WRITE_C function in the msg_server.exe module in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04 when sending a crafted SAP Message Server packet to TCP ports 36NN and/or 39NN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/57956", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/57956" + }, + { + "url": "http://www.securitytracker.com/id/1028148", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1028148" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82065", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82065" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1593", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1593" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/content/SAP-netweaver-msg-srv-multiple-vulnerabilities" } ] } diff --git a/2013/1xxx/CVE-2013-1594.json b/2013/1xxx/CVE-2013-1594.json index 53a28568e6e..3b0b0941fd1 100644 --- a/2013/1xxx/CVE-2013-1594.json +++ b/2013/1xxx/CVE-2013-1594.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1594", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59572", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59572" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83943", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83943" + }, + { + "url": "http://www.exploit-db.com/exploits/25139", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/25139" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1594", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1594" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" } ] } diff --git a/2013/1xxx/CVE-2013-1595.json b/2013/1xxx/CVE-2013-1595.json index 93ee79e4feb..f2e009803e8 100644 --- a/2013/1xxx/CVE-2013-1595.json +++ b/2013/1xxx/CVE-2013-1595.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1595", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59573", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59573" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83944" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1595", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1595" } ] } diff --git a/2013/1xxx/CVE-2013-1596.json b/2013/1xxx/CVE-2013-1596.json index 4732ce5c5c1..cfe268e5165 100644 --- a/2013/1xxx/CVE-2013-1596.json +++ b/2013/1xxx/CVE-2013-1596.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1596", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via specially crafted RTSP packets to TCP port 554." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59574", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59574" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83945", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83945" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1596", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1596" } ] } diff --git a/2013/1xxx/CVE-2013-1597.json b/2013/1xxx/CVE-2013-1597.json index ea006d33e1a..695f1041e04 100644 --- a/2013/1xxx/CVE-2013-1597.json +++ b/2013/1xxx/CVE-2013-1597.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1597", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Directory Traversal vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via a specially crafted GET request, which could let a malicious user obtain user credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59576", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59576" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83947", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83947" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1597", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1597" } ] } diff --git a/2013/1xxx/CVE-2013-1598.json b/2013/1xxx/CVE-2013-1598.json index 817629c85e1..7ccc06e2105 100644 --- a/2013/1xxx/CVE-2013-1598.json +++ b/2013/1xxx/CVE-2013-1598.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1598", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/59575", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59575" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83946", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83946" + }, + { + "refsource": "MISC", + "name": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities", + "url": "https://www.coresecurity.com/advisories/vivotek-ip-cameras-multiple-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt", + "url": "https://github.com/offensive-security/exploitdb/blob/master/exploits/hardware/webapps/25139.txt" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/cve/CVE-2013-1598", + "url": "https://packetstormsecurity.com/files/cve/CVE-2013-1598" } ] } diff --git a/2013/1xxx/CVE-2013-1744.json b/2013/1xxx/CVE-2013-1744.json index cda41c98b72..cc351c48a65 100644 --- a/2013/1xxx/CVE-2013-1744.json +++ b/2013/1xxx/CVE-2013-1744.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1744", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IRIS citations management tool through 1.3 allows remote attackers to execute arbitrary commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://infosecabsurdity.wordpress.com/research/isa-2013-002/", + "refsource": "MISC", + "name": "http://infosecabsurdity.wordpress.com/research/isa-2013-002/" } ] } diff --git a/2013/1xxx/CVE-2013-1895.json b/2013/1xxx/CVE-2013-1895.json index 86deb1afaf1..01a6da3cf2c 100644 --- a/2013/1xxx/CVE-2013-1895.json +++ b/2013/1xxx/CVE-2013-1895.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-1895", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The py-bcrypt module before 0.3 for Python does not properly handle concurrent memory access, which allows attackers to bypass authentication via multiple authentication requests, which trigger the password hash to be overwritten." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "py-bcrypt", + "product": { + "product_data": [ + { + "product_name": "py-bcrypt", + "version": { + "version_data": [ + { + "version_value": "before 0.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/03/26/2", + "url": "http://www.openwall.com/lists/oss-security/2013/03/26/2" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101387.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101382.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58702", + "url": "http://www.securityfocus.com/bid/58702" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83039" } ] } diff --git a/2013/2xxx/CVE-2013-2060.json b/2013/2xxx/CVE-2013-2060.json index 43f5daa1d3b..07b5d6873fc 100644 --- a/2013/2xxx/CVE-2013-2060.json +++ b/2013/2xxx/CVE-2013-2060.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2060", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Metacharacters" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "OpenShift Origin", + "version": { + "version_data": [ + { + "version_value": "unknown" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=960363", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=960363" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/05/07/1", + "url": "http://www.openwall.com/lists/oss-security/2013/05/07/1" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/59687", + "url": "http://www.securityfocus.com/bid/59687" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84075" } ] } diff --git a/2013/2xxx/CVE-2013-2160.json b/2013/2xxx/CVE-2013-2160.json index 3af5d3dd31f..2f6d970c571 100644 --- a/2013/2xxx/CVE-2013-2160.json +++ b/2013/2xxx/CVE-2013-2160.json @@ -81,6 +81,11 @@ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=929197", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=929197" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2013/2xxx/CVE-2013-2267.json b/2013/2xxx/CVE-2013-2267.json index 608e965e5c8..7cc4cec93d1 100644 --- a/2013/2xxx/CVE-2013-2267.json +++ b/2013/2xxx/CVE-2013-2267.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2267", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "58845", + "url": "http://www.securityfocus.com/bid/58845" + }, + { + "refsource": "XF", + "name": "83229", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83229" } ] } diff --git a/2013/2xxx/CVE-2013-2474.json b/2013/2xxx/CVE-2013-2474.json index eee36942b78..94d014a1114 100644 --- a/2013/2xxx/CVE-2013-2474.json +++ b/2013/2xxx/CVE-2013-2474.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2474", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in AWS XMS 2.5 allows remote attackers to view arbitrary files via the 'what' parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "58753", + "url": "http://www.securityfocus.com/bid/58753" + }, + { + "refsource": "EXPLOIT-DB", + "name": "24906", + "url": "http://www.exploit-db.com/exploits/24906" + }, + { + "refsource": "XF", + "name": "83062", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83062" } ] } diff --git a/2013/2xxx/CVE-2013-2499.json b/2013/2xxx/CVE-2013-2499.json index 3b6af3dda15..961e430ff82 100644 --- a/2013/2xxx/CVE-2013-2499.json +++ b/2013/2xxx/CVE-2013-2499.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2499", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SimpleHRM 2.3 and earlier could allow remote attackers to bypass the authentication process in 'user_manager.php' via spoofing a cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "59255", + "url": "http://www.securityfocus.com/bid/59255" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/04/17/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/04/17/1" + }, + { + "refsource": "XF", + "name": "83629", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83629" } ] } diff --git a/2013/2xxx/CVE-2013-2571.json b/2013/2xxx/CVE-2013-2571.json index 5090a479e38..b835fbe99e2 100644 --- a/2013/2xxx/CVE-2013-2571.json +++ b/2013/2xxx/CVE-2013-2571.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2571", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/25987", + "url": "http://www.exploit-db.com/exploits/25987" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60359", + "url": "http://www.securityfocus.com/bid/60359" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84761", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84761" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/121917/Xpient-POS-Iris-3.8-Cash-Drawer-Operation-Remote-Trigger.html", + "url": "https://packetstormsecurity.com/files/121917/Xpient-POS-Iris-3.8-Cash-Drawer-Operation-Remote-Trigger.html" } ] } diff --git a/2013/2xxx/CVE-2013-2612.json b/2013/2xxx/CVE-2013-2612.json index 71c17348a76..696d6768a9d 100644 --- a/2013/2xxx/CVE-2013-2612.json +++ b/2013/2xxx/CVE-2013-2612.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2612", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.203.27 allows remote attackers to execute arbitrary shell commands with root privileges due to an error in the Web UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "XF", + "name": "85782", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85782" + }, + { + "refsource": "BID", + "name": "61167", + "url": "https://www.securityfocus.com/bid/61167/info" } ] } diff --git a/2013/2xxx/CVE-2013-2773.json b/2013/2xxx/CVE-2013-2773.json index 8bb311bc9f6..272428979fb 100644 --- a/2013/2xxx/CVE-2013-2773.json +++ b/2013/2xxx/CVE-2013-2773.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2773", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/58928", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/58928" } ] } diff --git a/2013/3xxx/CVE-2013-3486.json b/2013/3xxx/CVE-2013-3486.json index a24b251c16e..e272a6b4019 100644 --- a/2013/3xxx/CVE-2013-3486.json +++ b/2013/3xxx/CVE-2013-3486.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3486", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "IrfanView FlashPix PlugIn", + "version": { + "version_data": [ + { + "version_value": "4.3" + } + ] + } + } + ] + }, + "vendor_name": "IrfanView FlashPix PlugIn" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/60232", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/60232" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84903", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84903" } ] } diff --git a/2013/3xxx/CVE-2013-3492.json b/2013/3xxx/CVE-2013-3492.json index 97732d06619..0f283432077 100644 --- a/2013/3xxx/CVE-2013-3492.json +++ b/2013/3xxx/CVE-2013-3492.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3492", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "XnView", + "product": { + "product_data": [ + { + "product_name": "XnView", + "version": { + "version_data": [ + { + "version_value": "2.03" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XnView 2.03 has a stack-based buffer overflow vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61503", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61503" } ] } diff --git a/2013/3xxx/CVE-2013-3493.json b/2013/3xxx/CVE-2013-3493.json index 26fca4d5daa..c1b5ec010c4 100644 --- a/2013/3xxx/CVE-2013-3493.json +++ b/2013/3xxx/CVE-2013-3493.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3493", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "XnView", + "product": { + "product_data": [ + { + "product_name": "XnView", + "version": { + "version_data": [ + { + "version_value": "2.03" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XnView 2.03 has an integer overflow vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "integer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61505", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61505" } ] } diff --git a/2013/3xxx/CVE-2013-3960.json b/2013/3xxx/CVE-2013-3960.json index 797f4ef478a..5bd869bb9bc 100644 --- a/2013/3xxx/CVE-2013-3960.json +++ b/2013/3xxx/CVE-2013-3960.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3960", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89171", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89171" + }, + { + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18896", + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18896" } ] } diff --git a/2013/4xxx/CVE-2013-4175.json b/2013/4xxx/CVE-2013-4175.json index d83f00a8412..66176759987 100644 --- a/2013/4xxx/CVE-2013-4175.json +++ b/2013/4xxx/CVE-2013-4175.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4175", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MySecureShell", + "product": { + "product_data": [ + { + "product_name": "MySecureShell", + "version": { + "version_data": [ + { + "version_value": "1.31" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MySecureShell 1.31 has a Local Denial of Service Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61410", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61410" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/07/27/5", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/07/27/5" } ] } diff --git a/2013/4xxx/CVE-2013-4176.json b/2013/4xxx/CVE-2013-4176.json index edfa8431b35..175dfb6803e 100644 --- a/2013/4xxx/CVE-2013-4176.json +++ b/2013/4xxx/CVE-2013-4176.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4176", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "mysecureshell", + "product": { + "product_data": [ + { + "product_name": "mysecureshell", + "version": { + "version_data": [ + { + "version_value": "1.31" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "mysecureshell 1.31: Local Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/61409", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/61409" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/07/27/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/07/27/6" } ] } diff --git a/2013/4xxx/CVE-2013-4238.json b/2013/4xxx/CVE-2013-4238.json index e978ac476bf..982b4f0110d 100644 --- a/2013/4xxx/CVE-2013-4238.json +++ b/2013/4xxx/CVE-2013-4238.json @@ -121,6 +121,11 @@ "name": "openSUSE-SU-2013:1439", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00028.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2013/4xxx/CVE-2013-4333.json b/2013/4xxx/CVE-2013-4333.json index acb45e94531..6fc40bb27c5 100644 --- a/2013/4xxx/CVE-2013-4333.json +++ b/2013/4xxx/CVE-2013-4333.json @@ -1,8 +1,55 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4333", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "OpenPNE", + "product": { + "product_data": [ + { + "product_name": "OpenPNE", + "version": { + "version_data": [ + { + "version_value": "3.8.7" + }, + { + "version_value": "3.6.11" + }, + { + "version_value": "3.4.21.1" + }, + { + "version_value": "3.2.7.6" + }, + { + "version_value": "3.0.8.5 (Fixed: 3.8.7.1" + }, + { + "version_value": "3.6.11.1" + }, + { + "version_value": "3.4.21.2" + }, + { + "version_value": "3.2.7.7" + }, + { + "version_value": "3.0.8.6)" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +58,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an External Entity Injection Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XXE" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/62285", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/62285" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87031" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/09/11/6", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/09/11/6" } ] } diff --git a/2013/4xxx/CVE-2013-4441.json b/2013/4xxx/CVE-2013-4441.json index 9c16c305b11..91c2179650a 100644 --- a/2013/4xxx/CVE-2013-4441.json +++ b/2013/4xxx/CVE-2013-4441.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4441", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Phonemes mode in Pwgen 2.06 generates predictable passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Password" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Pwgen", + "product": { + "product_data": [ + { + "product_name": "Pwgen", + "version": { + "version_data": [ + { + "version_value": "2.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726578" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/06/06/1", + "url": "http://www.openwall.com/lists/oss-security/2013/06/06/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/10/16/15", + "url": "http://www.openwall.com/lists/oss-security/2013/10/16/15" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2012/01/22/6", + "url": "https://www.openwall.com/lists/oss-security/2012/01/22/6" } ] } diff --git a/2013/4xxx/CVE-2013-4462.json b/2013/4xxx/CVE-2013-4462.json index 832c777e178..1be9c6f2bd8 100644 --- a/2013/4xxx/CVE-2013-4462.json +++ b/2013/4xxx/CVE-2013-4462.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4462", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Portable phpMyAdmin Plugin authors", + "product": { + "product_data": [ + { + "product_name": "Portable phpMyAdmin Plugin", + "version": { + "version_data": [ + { + "version_value": "through at least 2013-10-22" + } + ] + } + } + ] + } + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress Portable phpMyAdmin Plugin has an authentication bypass vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "auth bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/63249", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/63249" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2013/10/24/1", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/10/24/1" } ] } diff --git a/2013/4xxx/CVE-2013-4582.json b/2013/4xxx/CVE-2013-4582.json index e2e1f679349..a367228e74e 100644 --- a/2013/4xxx/CVE-2013-4582.json +++ b/2013/4xxx/CVE-2013-4582.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4582", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,91 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "5.0 before 5.4.2" + } + ] + } + }, + { + "product_name": "GitLab Community Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.4" + } + ] + } + }, + { + "product_name": "GitLab Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.1" + } + ] + } + }, + { + "product_name": "gitlab-shell", + "version": { + "version_data": [ + { + "version_value": "before 1.7.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/11/15/4", + "url": "http://www.openwall.com/lists/oss-security/2013/11/15/4" + }, + { + "refsource": "MISC", + "name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", + "url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2013/11/18/4", + "url": "https://www.openwall.com/lists/oss-security/2013/11/18/4" } ] } diff --git a/2013/4xxx/CVE-2013-4583.json b/2013/4xxx/CVE-2013-4583.json index fecac2b6477..e2c9e11ca47 100644 --- a/2013/4xxx/CVE-2013-4583.json +++ b/2013/4xxx/CVE-2013-4583.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-4583", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,91 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal (Local File Inclusion)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "5.0 before 5.4.2" + } + ] + } + }, + { + "product_name": "GitLab Community Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.4" + } + ] + } + }, + { + "product_name": "GitLab Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "before 6.2.1" + } + ] + } + }, + { + "product_name": "gitlab-shell", + "version": { + "version_data": [ + { + "version_value": "before 1.7.8" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2013/11/15/4", + "url": "http://www.openwall.com/lists/oss-security/2013/11/15/4" + }, + { + "refsource": "MISC", + "name": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/", + "url": "https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2013/11/18/4", + "url": "https://www.openwall.com/lists/oss-security/2013/11/18/4" } ] } diff --git a/2013/4xxx/CVE-2013-4770.json b/2013/4xxx/CVE-2013-4770.json index 48d77126f97..a7263905e76 100644 --- a/2013/4xxx/CVE-2013-4770.json +++ b/2013/4xxx/CVE-2013-4770.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4770", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://groups.google.com/a/eucalyptus.com/d/msg/security-announce/tFcxwess0TE/Br0sQW1mJBMJ", + "url": "https://groups.google.com/a/eucalyptus.com/d/msg/security-announce/tFcxwess0TE/Br0sQW1mJBMJ" } ] } diff --git a/2013/4xxx/CVE-2013-4861.json b/2013/4xxx/CVE-2013-4861.json index a7af6b41048..837e2740cc5 100644 --- a/2013/4xxx/CVE-2013-4861.json +++ b/2013/4xxx/CVE-2013-4861.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4861", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4862.json b/2013/4xxx/CVE-2013-4862.json index a3d7fe1058b..5b457b1fd67 100644 --- a/2013/4xxx/CVE-2013-4862.json +++ b/2013/4xxx/CVE-2013-4862.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4862", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4863.json b/2013/4xxx/CVE-2013-4863.json index 2c8f94f7731..95219ed8354 100644 --- a/2013/4xxx/CVE-2013-4863.json +++ b/2013/4xxx/CVE-2013-4863.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4863", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4864.json b/2013/4xxx/CVE-2013-4864.json index 6e278355c26..a1a301cb26d 100644 --- a/2013/4xxx/CVE-2013-4864.json +++ b/2013/4xxx/CVE-2013-4864.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4864", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/4xxx/CVE-2013-4865.json b/2013/4xxx/CVE-2013-4865.json index dfb53178159..d9226c9634c 100644 --- a/2013/4xxx/CVE-2013-4865.json +++ b/2013/4xxx/CVE-2013-4865.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4865", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html", + "url": "http://packetstormsecurity.com/files/122654/MiCasaVerde-VeraLite-1.5.408-Traversal-Authorization-CSRF-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt", + "url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-019.txt" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/27286", + "url": "http://www.exploit-db.com/exploits/27286" } ] } diff --git a/2013/5xxx/CVE-2013-5659.json b/2013/5xxx/CVE-2013-5659.json index 6f1a6ef4f2c..97ae5f00af4 100644 --- a/2013/5xxx/CVE-2013-5659.json +++ b/2013/5xxx/CVE-2013-5659.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-5659", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wiz 5.0.3 has a user mode write access violation" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://seclists.org/fulldisclosure/2013/Sep/8", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2013/Sep/8" + }, + { + "refsource": "MISC", + "name": "http://realpentesting.blogspot.com/p/realpentesting-advisory-title-user-mode.html", + "url": "http://realpentesting.blogspot.com/p/realpentesting-advisory-title-user-mode.html" } ] } diff --git a/2013/6xxx/CVE-2013-6056.json b/2013/6xxx/CVE-2013-6056.json index 509c723f5a3..f92101ed6fe 100644 --- a/2013/6xxx/CVE-2013-6056.json +++ b/2013/6xxx/CVE-2013-6056.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6056", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/plugins/nessus/76122", + "url": "https://www.tenable.com/plugins/nessus/76122" } ] } diff --git a/2013/6xxx/CVE-2013-6225.json b/2013/6xxx/CVE-2013-6225.json index ca88d4b44dd..0ebe33a7b99 100644 --- a/2013/6xxx/CVE-2013-6225.json +++ b/2013/6xxx/CVE-2013-6225.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6225", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.exploit-db.com/exploits/29672", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/29672" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89051", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89051" + }, + { + "refsource": "MISC", + "name": "https://curesec.com/de/veroeffentlichungen/advisories.html", + "url": "https://curesec.com/de/veroeffentlichungen/advisories.html" } ] } diff --git a/2013/6xxx/CVE-2013-6358.json b/2013/6xxx/CVE-2013-6358.json index 944350e60ea..0ce3a2c32a3 100644 --- a/2013/6xxx/CVE-2013-6358.json +++ b/2013/6xxx/CVE-2013-6358.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6358", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PrestaShop 1.5.5 allows remote authenticated attackers to execute arbitrary code by uploading a crafted profile and then accessing it in the module/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20150423041900/http://labs.davidsopas.com/2013/10/how-salesman-could-hack-prestashop.html", + "url": "https://web.archive.org/web/20150423041900/http://labs.davidsopas.com/2013/10/how-salesman-could-hack-prestashop.html" } ] } diff --git a/2013/6xxx/CVE-2013-6451.json b/2013/6xxx/CVE-2013-6451.json index 53febf34b02..210b12dac3c 100644 --- a/2013/6xxx/CVE-2013-6451.json +++ b/2013/6xxx/CVE-2013-6451.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6451", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wikimedia Foundation", + "product": { + "product_data": [ + { + "product_name": "MediaWiki", + "version": { + "version_data": [ + { + "version_value": "1.19.9 before 1.19.10" + }, + { + "version_value": "1.2x before 1.21.4" + }, + { + "version_value": "1.22.x before 1.22.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ] } diff --git a/2013/6xxx/CVE-2013-6455.json b/2013/6xxx/CVE-2013-6455.json index b427dd5f8bf..fcf8c8e7b77 100644 --- a/2013/6xxx/CVE-2013-6455.json +++ b/2013/6xxx/CVE-2013-6455.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6455", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Wikimedia Foundation", + "product": { + "product_data": [ + { + "product_name": "MediaWiki", + "version": { + "version_data": [ + { + "version_value": "before 1.19.10" + }, + { + "version_value": "1.2x before 1.21.4" + }, + { + "version_value": "1.22.x before 1.22.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html" } ] } diff --git a/2013/6xxx/CVE-2013-6772.json b/2013/6xxx/CVE-2013-6772.json index 55ae14b2983..198790a5315 100644 --- a/2013/6xxx/CVE-2013-6772.json +++ b/2013/6xxx/CVE-2013-6772.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6772", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.splunk.com/view/SP-CAAAH32", + "refsource": "MISC", + "name": "http://www.splunk.com/view/SP-CAAAH32" } ] } diff --git a/2013/6xxx/CVE-2013-6773.json b/2013/6xxx/CVE-2013-6773.json index f3d8c254894..541ebbca154 100644 --- a/2013/6xxx/CVE-2013-6773.json +++ b/2013/6xxx/CVE-2013-6773.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6773", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal Forwarder which can allow an attacker to escalate privileges" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.splunk.com/view/SP-CAAAHXG", + "refsource": "MISC", + "name": "http://www.splunk.com/view/SP-CAAAHXG" } ] } diff --git a/2013/6xxx/CVE-2013-6785.json b/2013/6xxx/CVE-2013-6785.json index d9ee5056f36..93389e18344 100644 --- a/2013/6xxx/CVE-2013-6785.json +++ b/2013/6xxx/CVE-2013-6785.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6785", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.rapid7.com/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/", + "url": "https://blog.rapid7.com/2013/11/06/supermicro-ipmi-firmware-vulnerabilities/" } ] } diff --git a/2013/6xxx/CVE-2013-6792.json b/2013/6xxx/CVE-2013-6792.json index 83f1b509880..525c03fab31 100644 --- a/2013/6xxx/CVE-2013-6792.json +++ b/2013/6xxx/CVE-2013-6792.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6792", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/64529", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/64529" } ] } diff --git a/2013/7xxx/CVE-2013-7185.json b/2013/7xxx/CVE-2013-7185.json index 2bdae837c0c..cd8b05edd47 100644 --- a/2013/7xxx/CVE-2013-7185.json +++ b/2013/7xxx/CVE-2013-7185.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7185", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PotPlayer 1.5.40688: .avi File Memory Corruption" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.exploit-db.com/exploits/30413", + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/30413" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89981", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89981" } ] } diff --git a/2013/7xxx/CVE-2013-7390.json b/2013/7xxx/CVE-2013-7390.json index c9cdc963b7a..112781e1938 100644 --- a/2013/7xxx/CVE-2013-7390.json +++ b/2013/7xxx/CVE-2013-7390.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7390", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unrestricted file upload vulnerability in AgentLogUploadServlet in ManageEngine DesktopCentral 7.x and 8.0.0 before build 80293 allows remote attackers to execute arbitrary code by uploading a file with a jsp extension, then accessing it via a direct request to the file in the webroot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb", + "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/desktopcentral_file_upload.rb" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2013/Nov/130", + "url": "http://seclists.org/fulldisclosure/2013/Nov/130" } ] } diff --git a/2014/0xxx/CVE-2014-0034.json b/2014/0xxx/CVE-2014-0034.json index 4d1d6a5f659..86693da7ec6 100644 --- a/2014/0xxx/CVE-2014-0034.json +++ b/2014/0xxx/CVE-2014-0034.json @@ -96,6 +96,11 @@ "name": "RHSA-2014:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0035.json b/2014/0xxx/CVE-2014-0035.json index fe96d3c861a..6e3609c54d2 100644 --- a/2014/0xxx/CVE-2014-0035.json +++ b/2014/0xxx/CVE-2014-0035.json @@ -91,6 +91,11 @@ "name": "RHSA-2014:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0109.json b/2014/0xxx/CVE-2014-0109.json index 98b83ceb491..abda5d37b39 100644 --- a/2014/0xxx/CVE-2014-0109.json +++ b/2014/0xxx/CVE-2014-0109.json @@ -76,6 +76,11 @@ "name": "RHSA-2014:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0110.json b/2014/0xxx/CVE-2014-0110.json index de1757cb417..5739140d92a 100644 --- a/2014/0xxx/CVE-2014-0110.json +++ b/2014/0xxx/CVE-2014-0110.json @@ -76,6 +76,11 @@ "name": "RHSA-2014:1351", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1351.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/0xxx/CVE-2014-0160.json b/2014/0xxx/CVE-2014-0160.json index 87f3abd1438..aeac3a9bbb1 100644 --- a/2014/0xxx/CVE-2014-0160.json +++ b/2014/0xxx/CVE-2014-0160.json @@ -671,6 +671,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [26/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E" + }, + { + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html", + "url": "https://sku11army.blogspot.com/2020/01/heartbleed-hearts-continue-to-bleed.html" } ] } diff --git a/2014/1xxx/CVE-2014-1922.json b/2014/1xxx/CVE-2014-1922.json index 31e9c974d88..7091846f487 100644 --- a/2014/1xxx/CVE-2014-1922.json +++ b/2014/1xxx/CVE-2014-1922.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1922", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11660" + }, + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" } ] } diff --git a/2014/1xxx/CVE-2014-1923.json b/2014/1xxx/CVE-2014-1923.json index ea12822d2b0..35b2f3ca452 100644 --- a/2014/1xxx/CVE-2014-1923.json +++ b/2014/1xxx/CVE-2014-1923.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1923", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple directory traversal vulnerabilities in the (1) staff interface help editor (edithelp.pl) or (2) member-picupload.pl in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allow remote attackers to write to arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11661" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11662" } ] } diff --git a/2014/1xxx/CVE-2014-1924.json b/2014/1xxx/CVE-2014-1924.json index 3609219f1ac..9b3c6674769 100644 --- a/2014/1xxx/CVE-2014-1924.json +++ b/2014/1xxx/CVE-2014-1924.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1924", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 does not require authentication, which allows remote attackers to conduct SQL injection attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666" } ] } diff --git a/2014/1xxx/CVE-2014-1925.json b/2014/1xxx/CVE-2014-1925.json index ff372a18ebc..347e8e5c6af 100644 --- a/2014/1xxx/CVE-2014-1925.json +++ b/2014/1xxx/CVE-2014-1925.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1925", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in the MARC framework import/export function (admin/import_export_framework.pl) in Koha before 3.8.23, 3.10.x before 3.10.13, 3.12.x before 3.12.10, and 3.14.x before 3.14.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged by remote attackers using CVE-2014-1924." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://koha-community.org/security-release-february-2014/", + "url": "http://koha-community.org/security-release-february-2014/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/07/10", + "url": "http://www.openwall.com/lists/oss-security/2014/02/07/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/02/10/3", + "url": "http://www.openwall.com/lists/oss-security/2014/02/10/3" + }, + { + "refsource": "MISC", + "name": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666", + "url": "http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=11666" } ] } diff --git a/2014/1xxx/CVE-2014-1972.json b/2014/1xxx/CVE-2014-1972.json index 5c2da697510..ea55bc6ae7c 100644 --- a/2014/1xxx/CVE-2014-1972.json +++ b/2014/1xxx/CVE-2014-1972.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure", "url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html", + "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E" } ] } diff --git a/2014/2xxx/CVE-2014-2050.json b/2014/2xxx/CVE-2014-2050.json index f35aafc3b96..f4f5e9ce1ad 100644 --- a/2014/2xxx/CVE-2014-2050.json +++ b/2014/2xxx/CVE-2014-2050.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2050", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) vulnerability in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to hijack the authentication of users for requests that reset passwords via a crafted HTTP Host header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://owncloud.org/security/advisories/host-header-poisoning/", + "url": "https://owncloud.org/security/advisories/host-header-poisoning/" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/66221", + "url": "https://www.securityfocus.com/bid/66221" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91971" } ] } diff --git a/2014/2xxx/CVE-2014-2271.json b/2014/2xxx/CVE-2014-2271.json index 92a6ea34883..68797c90ede 100644 --- a/2014/2xxx/CVE-2014-2271.json +++ b/2014/2xxx/CVE-2014-2271.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2271", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "cn.wps.moffice.common.beans.print.CloudPrintWebView in Kingsoft Office 5.3.1, as used in Huawei P2 devices before V100R001C00B043, falls back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and execute arbitrary Java code by leveraging a network position between the client and the registry to block HTTPS traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-401529.htm" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/71381", + "url": "http://www.securityfocus.com/bid/71381" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99089" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/", + "url": "https://labs.f-secure.com/advisories/kingsoft-office-remote-code-execution/" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf", + "url": "https://labs.f-secure.com/assets/763/original/mwri_advisory_huawei_kingsoft-office.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2581.json b/2014/2xxx/CVE-2014-2581.json index 2522534bc1d..7370f927260 100644 --- a/2014/2xxx/CVE-2014-2581.json +++ b/2014/2xxx/CVE-2014-2581.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2581", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,76 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Smb4K before 1.1.1 allows remote attackers to obtain credentials via vectors related to the cuid option in the \"Additional options\" line edit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://sourceforge.net/projects/smb4k/files/1.1.1/", + "url": "http://sourceforge.net/projects/smb4k/files/1.1.1/" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/03/24/1", + "url": "http://www.openwall.com/lists/oss-security/2014/03/24/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/03/25/5", + "url": "http://www.openwall.com/lists/oss-security/2014/03/25/5" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133898.html" + }, + { + "refsource": "CONFIRM", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-June/133901.html" + }, + { + "refsource": "MISC", + "name": "https://bugs.gentoo.org/505376", + "url": "https://bugs.gentoo.org/505376" } ] } diff --git a/2014/2xxx/CVE-2014-2667.json b/2014/2xxx/CVE-2014-2667.json index 1a3797699dd..ec361604329 100644 --- a/2014/2xxx/CVE-2014-2667.json +++ b/2014/2xxx/CVE-2014-2667.json @@ -86,6 +86,11 @@ "name": "openSUSE-SU-2014:0596", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2014/2xxx/CVE-2014-2680.json b/2014/2xxx/CVE-2014-2680.json index 6067119afd9..5ddf779249e 100644 --- a/2014/2xxx/CVE-2014-2680.json +++ b/2014/2xxx/CVE-2014-2680.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2680", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The update process in Xmind 3.4.1 and earlier allow remote attackers to execute arbitrary code via a man-in-the-middle attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf", + "url": "https://web.archive.org/web/20160822124252/http://rampartssecurity.com/docs/Xmind-MITM.pdf" } ] } diff --git a/2014/2xxx/CVE-2014-2896.json b/2014/2xxx/CVE-2014-2896.json index 249b1957adc..098515acb4f 100644 --- a/2014/2xxx/CVE-2014-2896.json +++ b/2014/2xxx/CVE-2014-2896.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2896", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DoAlert function in the (1) TLS and (2) DTLS implementations in wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact and vectors, which trigger memory corruption or an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", + "url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", + "url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/126", + "url": "http://seclists.org/oss-sec/2014/q2/126" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/130", + "url": "http://seclists.org/oss-sec/2014/q2/130" } ] } diff --git a/2014/2xxx/CVE-2014-2897.json b/2014/2xxx/CVE-2014-2897.json index 92f9d091a09..6a19a8ee410 100644 --- a/2014/2xxx/CVE-2014-2897.json +++ b/2014/2xxx/CVE-2014-2897.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2897", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SSL 3 HMAC functionality in wolfSSL CyaSSL 2.5.0 before 2.9.4 does not check the padding length when verification fails, which allows remote attackers to have unspecified impact via a crafted HMAC, which triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", + "url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", + "url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/126", + "url": "http://seclists.org/oss-sec/2014/q2/126" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/130", + "url": "http://seclists.org/oss-sec/2014/q2/130" } ] } diff --git a/2014/2xxx/CVE-2014-2898.json b/2014/2xxx/CVE-2014-2898.json index 54d7a3035f7..2e76d06b602 100644 --- a/2014/2xxx/CVE-2014-2898.json +++ b/2014/2xxx/CVE-2014-2898.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2898", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "wolfSSL CyaSSL before 2.9.4 allows remote attackers to have unspecified impact via multiple calls to the CyaSSL_read function which triggers an out-of-bounds read when an error occurs, related to not checking the return code and MAC verification failure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html", + "url": "http://www.wolfssl.com/yaSSL/Blog/Entries/2014/4/11_wolfSSL_Security_Advisory__April_9%2C_2014.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html", + "url": "http://www.wolfssl.com/yaSSL/Docs-cyassl-changelog.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/126", + "url": "http://seclists.org/oss-sec/2014/q2/126" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q2/130", + "url": "http://seclists.org/oss-sec/2014/q2/130" } ] } diff --git a/2014/2xxx/CVE-2014-2906.json b/2014/2xxx/CVE-2014-2906.json index 24a53f23883..c05910cb8f1 100644 --- a/2014/2xxx/CVE-2014-2906.json +++ b/2014/2xxx/CVE-2014-2906.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2906", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/04/28/4", + "url": "http://www.openwall.com/lists/oss-security/2014/04/28/4" + }, + { + "refsource": "MISC", + "name": "https://github.com/fish-shell/fish-shell/issues/1437", + "url": "https://github.com/fish-shell/fish-shell/issues/1437" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", + "url": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1" } ] } diff --git a/2014/2xxx/CVE-2014-2914.json b/2014/2xxx/CVE-2014-2914.json index 6a7e3c9030b..298b315bf2c 100644 --- a/2014/2xxx/CVE-2014-2914.json +++ b/2014/2xxx/CVE-2014-2914.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2914", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/fish-shell/fish-shell/issues/1438", + "url": "https://github.com/fish-shell/fish-shell/issues/1438" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/04/28/4", + "url": "http://www.openwall.com/lists/oss-security/2014/04/28/4" } ] } diff --git a/2014/3xxx/CVE-2014-3004.json b/2014/3xxx/CVE-2014-3004.json index 79723878487..63b0ba2fd86 100644 --- a/2014/3xxx/CVE-2014-3004.json +++ b/2014/3xxx/CVE-2014-3004.json @@ -81,6 +81,11 @@ "name": "67676", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67676" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2014/3xxx/CVE-2014-3230.json b/2014/3xxx/CVE-2014-3230.json index a7200748038..cd395897699 100644 --- a/2014/3xxx/CVE-2014-3230.json +++ b/2014/3xxx/CVE-2014-3230.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-3230", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS_CA_DIR or (2) HTTPS_CA_FILE environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "libwww-perl", + "product": { + "product_data": [ + { + "product_name": "LWP::Protocol::https", + "version": { + "version_data": [ + { + "version_value": "6.04 through 6.06" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746579" + }, + { + "refsource": "MISC", + "name": "https://github.com/libwww-perl/lwp-protocol-https/pull/14", + "url": "https://github.com/libwww-perl/lwp-protocol-https/pull/14" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/02/8", + "url": "http://www.openwall.com/lists/oss-security/2014/05/02/8" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/04/1", + "url": "http://www.openwall.com/lists/oss-security/2014/05/04/1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/05/06/8", + "url": "http://www.openwall.com/lists/oss-security/2014/05/06/8" } ] } diff --git a/2014/3xxx/CVE-2014-3445.json b/2014/3xxx/CVE-2014-3445.json index d21fa1e3df4..112c2aa721e 100644 --- a/2014/3xxx/CVE-2014-3445.json +++ b/2014/3xxx/CVE-2014-3445.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3445", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the administrator password hash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html", + "url": "http://packetstormsecurity.com/files/126844/HandsomeWeb-SOS-Webpages-1.1.11-Backup-Hash-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/", + "url": "http://sourceforge.net/projects/soswebpages/files/SOS%20Webpages/SOS%20Webpages%201.1.12/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/May/130", + "url": "http://seclists.org/fulldisclosure/2014/May/130" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/67644", + "url": "http://www.securityfocus.com/bid/67644" + }, + { + "refsource": "MISC", + "name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/", + "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3445/" } ] } diff --git a/2014/3xxx/CVE-2014-3566.json b/2014/3xxx/CVE-2014-3566.json index 18b04e7936c..a002dcd7cfd 100644 --- a/2014/3xxx/CVE-2014-3566.json +++ b/2014/3xxx/CVE-2014-3566.json @@ -1341,6 +1341,11 @@ "name": "HPSBPI03107", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=143558137709884&w=2" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3577.json b/2014/3xxx/CVE-2014-3577.json index 135b42e41b0..1a56b7cd014 100644 --- a/2014/3xxx/CVE-2014-3577.json +++ b/2014/3xxx/CVE-2014-3577.json @@ -231,6 +231,16 @@ "refsource": "MLIST", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", + "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3584.json b/2014/3xxx/CVE-2014-3584.json index b4967a99c2c..98bd312b26c 100644 --- a/2014/3xxx/CVE-2014-3584.json +++ b/2014/3xxx/CVE-2014-3584.json @@ -76,6 +76,11 @@ "name": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2014-3584.txt.asc" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3596.json b/2014/3xxx/CVE-2014-3596.json index 40c7e2ff6f0..59e337d3945 100644 --- a/2014/3xxx/CVE-2014-3596.json +++ b/2014/3xxx/CVE-2014-3596.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." + "value": "The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a certificate with a subject that specifies a common name in a field that is not the CN field. NOTE: this issue exists because of an incomplete fix for CVE-2012-5784." } ] }, @@ -126,6 +126,11 @@ "refsource": "MLIST", "name": "[axis-java-dev] 20190909 [jira] [Commented] (AXIS-2905) Insecure certificate validation CVE-2014-3596", "url": "https://lists.apache.org/thread.html/5e6c92145deddcecf70c3604041dcbd615efa2d37632fc2b9c367780@%3Cjava-dev.axis.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2014/3xxx/CVE-2014-3606.json b/2014/3xxx/CVE-2014-3606.json index 20ee496a04a..da94c028e3c 100644 --- a/2014/3xxx/CVE-2014-3606.json +++ b/2014/3xxx/CVE-2014-3606.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2014-3606", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-3606", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2014/3xxx/CVE-2014-3623.json b/2014/3xxx/CVE-2014-3623.json index f244f2bf898..26ec5812d65 100644 --- a/2014/3xxx/CVE-2014-3623.json +++ b/2014/3xxx/CVE-2014-3623.json @@ -96,6 +96,11 @@ "name": "apache-cxf-cve20143623-sec-bypass(97754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97754" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2014/3xxx/CVE-2014-3856.json b/2014/3xxx/CVE-2014-3856.json index 9d1dd80a1ac..b85ee3981d4 100644 --- a/2014/3xxx/CVE-2014-3856.json +++ b/2014/3xxx/CVE-2014-3856.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3856", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/fish-shell/fish-shell/issues/1437", + "url": "https://github.com/fish-shell/fish-shell/issues/1437" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1", + "url": "https://github.com/fish-shell/fish-shell/releases/tag/2.1.1" + }, + { + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2014/04/28/4", + "url": "https://www.openwall.com/lists/oss-security/2014/04/28/4" } ] } diff --git a/2014/3xxx/CVE-2014-3979.json b/2014/3xxx/CVE-2014-3979.json index bd52e3a6805..db4d7e445c8 100644 --- a/2014/3xxx/CVE-2014-3979.json +++ b/2014/3xxx/CVE-2014-3979.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3979", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/06/10", + "url": "http://www.openwall.com/lists/oss-security/2014/06/06/10" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/11/2", + "url": "http://www.openwall.com/lists/oss-security/2014/06/11/2" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/67948", + "url": "http://www.securityfocus.com/bid/67948" } ] } diff --git a/2014/4xxx/CVE-2014-4156.json b/2014/4xxx/CVE-2014-4156.json index c476a88f364..c33653dd86d 100644 --- a/2014/4xxx/CVE-2014-4156.json +++ b/2014/4xxx/CVE-2014-4156.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4156", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/68028", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/68028" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2014/06/17/16", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/17/16" } ] } diff --git a/2014/4xxx/CVE-2014-4172.json b/2014/4xxx/CVE-2014-4172.json index 98db088a9a9..dbc020fa88e 100644 --- a/2014/4xxx/CVE-2014-4172.json +++ b/2014/4xxx/CVE-2014-4172.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4172", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,101 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the (1) service parameter to validation/AbstractUrlBasedTicketValidator.java or (2) pgtUrl parameter to validation/Cas20ServiceTicketValidator.java." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1131350" + }, + { + "refsource": "MISC", + "name": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html", + "url": "https://www.mail-archive.com/cas-user@lists.jasig.org/msg17338.html" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759718" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d", + "url": "https://github.com/Jasig/dotnet-cas-client/commit/f0e030014fb7a39e5f38469f43199dc590fd0e8d" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814", + "url": "https://github.com/Jasig/java-cas-client/commit/ae37092100c8eaec610dab6d83e5e05a8ee58814" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog", + "url": "https://github.com/Jasig/phpCAS/blob/master/docs/ChangeLog" + }, + { + "refsource": "MISC", + "name": "https://github.com/Jasig/phpCAS/pull/125", + "url": "https://github.com/Jasig/phpCAS/pull/125" + }, + { + "refsource": "MISC", + "name": "https://issues.jasig.org/browse/CASC-228", + "url": "https://issues.jasig.org/browse/CASC-228" + }, + { + "refsource": "MISC", + "name": "https://www.debian.org/security/2014/dsa-3017.en.html", + "url": "https://www.debian.org/security/2014/dsa-3017.en.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-August/137182.html" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95673" } ] } diff --git a/2014/4xxx/CVE-2014-4609.json b/2014/4xxx/CVE-2014-4609.json index ab47a9df339..524872c49b1 100644 --- a/2014/4xxx/CVE-2014-4609.json +++ b/2014/4xxx/CVE-2014-4609.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4609", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the get_len function in libavutil/lzo.c in Libav before 0.8.13, 9.x before 9.14, and 10.x before 10.2 allows remote attackers to execute arbitrary code via a crafted Literal Run." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", + "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/26/22", + "url": "http://www.openwall.com/lists/oss-security/2014/06/26/22" + }, + { + "refsource": "MISC", + "name": "https://libav.org/news/#2014-06-27", + "url": "https://libav.org/news/#2014-06-27" } ] } diff --git a/2014/4xxx/CVE-2014-4610.json b/2014/4xxx/CVE-2014-4610.json index 77a7c431726..cf8d9366196 100644 --- a/2014/4xxx/CVE-2014-4610.json +++ b/2014/4xxx/CVE-2014-4610.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4610", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the get_len function in libavutil/lzo.c in FFmpeg before 0.10.14, 1.1.x before 1.1.12, 1.2.x before 1.2.7, 2.0.x before 2.0.5, 2.1.x before 2.1.5, and 2.2.x before 2.2.4 allows remote attackers to execute arbitrary code via a crafted Literal Run." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html", + "url": "http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/06/26/23", + "url": "http://www.openwall.com/lists/oss-security/2014/06/26/23" + }, + { + "refsource": "MISC", + "name": "https://www.ffmpeg.org/security.html", + "url": "https://www.ffmpeg.org/security.html" } ] } diff --git a/2014/5xxx/CVE-2014-5005.json b/2014/5xxx/CVE-2014-5005.json index 85eaf12bc9c..11b84831af3 100644 --- a/2014/5xxx/CVE-2014-5005.json +++ b/2014/5xxx/CVE-2014-5005.json @@ -57,6 +57,11 @@ "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Aug/88" }, + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", + "url": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html" + }, { "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt", "refsource": "MISC", diff --git a/2014/5xxx/CVE-2014-5006.json b/2014/5xxx/CVE-2014-5006.json index 973d1b8b388..7504bf3b10f 100644 --- a/2014/5xxx/CVE-2014-5006.json +++ b/2014/5xxx/CVE-2014-5006.json @@ -57,6 +57,11 @@ "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Aug/88" }, + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", + "url": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html" + }, { "name": "https://raw.githubusercontent.com/pedrib/PoC/master/ManageEngine/me_dc9_file_upload.txt", "refsource": "MISC", diff --git a/2014/5xxx/CVE-2014-5007.json b/2014/5xxx/CVE-2014-5007.json index d883374357b..c06e223426c 100644 --- a/2014/5xxx/CVE-2014-5007.json +++ b/2014/5xxx/CVE-2014-5007.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5007", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html", + "url": "https://www.manageengine.com/products/desktop-central/remote-code-execution.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Aug/88", + "url": "http://seclists.org/fulldisclosure/2014/Aug/88" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } } } \ No newline at end of file diff --git a/2014/5xxx/CVE-2014-5138.json b/2014/5xxx/CVE-2014-5138.json index 6be5a671aa0..7d5acd240eb 100644 --- a/2014/5xxx/CVE-2014-5138.json +++ b/2014/5xxx/CVE-2014-5138.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5138", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html", + "url": "https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html" } ] } diff --git a/2014/5xxx/CVE-2014-5238.json b/2014/5xxx/CVE-2014-5238.json index bae9ba74ae7..31b0267db72 100644 --- a/2014/5xxx/CVE-2014-5238.json +++ b/2014/5xxx/CVE-2014-5238.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5238", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified impact via a crafted OpenDocument Text document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html", + "url": "http://packetstormsecurity.com/files/128257/Open-Xchange-7.6.0-XSS-SSRF-Traversal.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/533443/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf", + "url": "http://software.open-xchange.com/OX6/doc/Release_Notes_for_Patch_Release_2112_7.6.0_2014-08-25.pdf" } ] } diff --git a/2014/5xxx/CVE-2014-5380.json b/2014/5xxx/CVE-2014-5380.json index 9da5655cf19..230bae6a48a 100644 --- a/2014/5xxx/CVE-2014-5380.json +++ b/2014/5xxx/CVE-2014-5380.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5380", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grand MA 300 allows retrieval of the access PIN from sniffed data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html" + }, + { + "url": "http://www.securityfocus.com/bid/69390", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/69390" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Aug/70", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Aug/70" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95484" } ] } diff --git a/2014/5xxx/CVE-2014-5381.json b/2014/5xxx/CVE-2014-5381.json index d2c852cbca6..1bda098579b 100644 --- a/2014/5xxx/CVE-2014-5381.json +++ b/2014/5xxx/CVE-2014-5381.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5381", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grand MA 300 allows a brute-force attack on the PIN." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128003/Grand-MA-300-Fingerprint-Reader-Weak-PIN-Verification.html" + }, + { + "url": "http://www.securityfocus.com/bid/69390", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/69390" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Aug/70", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Aug/70" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95485" } ] } diff --git a/2014/5xxx/CVE-2014-5500.json b/2014/5xxx/CVE-2014-5500.json index 28077c1a330..68ce2584180 100644 --- a/2014/5xxx/CVE-2014-5500.json +++ b/2014/5xxx/CVE-2014-5500.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5500", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Synacor Zimbra Collaboration before 8.0.8 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" } ] } diff --git a/2014/6xxx/CVE-2014-6038.json b/2014/6xxx/CVE-2014-6038.json index 3a3454df766..50f7e819199 100644 --- a/2014/6xxx/CVE-2014-6038.json +++ b/2014/6xxx/CVE-2014-6038.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6038", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 have a database Information Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html" + }, + { + "url": "http://www.securityfocus.com/bid/70959", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/70959" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98540" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Nov/12", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Nov/12" } ] } diff --git a/2014/6xxx/CVE-2014-6039.json b/2014/6xxx/CVE-2014-6039.json index 6ea6d6c2df5..2e04b090f64 100644 --- a/2014/6xxx/CVE-2014-6039.json +++ b/2014/6xxx/CVE-2014-6039.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6039", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a Credentials Disclosure Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128996/ManageEngine-EventLog-Analyzer-SQL-Credential-Disclosure.html" + }, + { + "url": "http://seclists.org/fulldisclosure/2014/Nov/12", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2014/Nov/12" + }, + { + "url": "http://www.securityfocus.com/bid/70960", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/70960" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98539" } ] } diff --git a/2014/6xxx/CVE-2014-6059.json b/2014/6xxx/CVE-2014-6059.json index cbff28fca50..f2a8ed4ad92 100644 --- a/2014/6xxx/CVE-2014-6059.json +++ b/2014/6xxx/CVE-2014-6059.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6059", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary File Overwrite Vulnerability" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/128137/WordPress-Advanced-Access-Manager-2.8.2-File-Write-Code-Execution.html" + }, + { + "url": "http://www.securityfocus.com/bid/69549", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/69549" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694", + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95694" } ] } diff --git a/2014/6xxx/CVE-2014-6448.json b/2014/6xxx/CVE-2014-6448.json index 0c359776b26..344be14e110 100644 --- a/2014/6xxx/CVE-2014-6448.json +++ b/2014/6xxx/CVE-2014-6448.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-6448", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695", + "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10695" } ] } diff --git a/2014/7xxx/CVE-2014-7238.json b/2014/7xxx/CVE-2014-7238.json index 71b4165ea07..1fc17e26608 100644 --- a/2014/7xxx/CVE-2014-7238.json +++ b/2014/7xxx/CVE-2014-7238.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7238", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 has Stored XSS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/8235", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/8235" } ] } diff --git a/2014/7xxx/CVE-2014-7301.json b/2014/7xxx/CVE-2014-7301.json index dc43e8ad463..aebbf558548 100644 --- a/2014/7xxx/CVE-2014-7301.json +++ b/2014/7xxx/CVE-2014-7301.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7301", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading /etc/odapw." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html", + "url": "https://packetstormsecurity.com/files/129466/SGI-Tempo-Database-Password-Disclosure.html" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/", + "url": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-password-exposure/" } ] } diff --git a/2014/7xxx/CVE-2014-7302.json b/2014/7xxx/CVE-2014-7302.json index ccdc631c46e..b2eb5e498eb 100644 --- a/2014/7xxx/CVE-2014-7302.json +++ b/2014/7xxx/CVE-2014-7302.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7302", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/129465/SGI-Tempo-vx-Setuid-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/", + "url": "https://labs.mwrinfosecurity.com/advisories/2014/12/02/sgi-suid-root-privilege-escalation/" } ] } diff --git a/2014/7xxx/CVE-2014-7303.json b/2014/7xxx/CVE-2014-7303.json index 052a7a25923..d874ed46154 100644 --- a/2014/7xxx/CVE-2014-7303.json +++ b/2014/7xxx/CVE-2014-7303.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-7303", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading etc/dbdump.db." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html", + "url": "https://packetstormsecurity.com/files/129467/SGI-Tempo-Database-Exposure.html" + }, + { + "refsource": "MISC", + "name": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/", + "url": "https://labs.f-secure.com/advisories/sgi-tempo-system-database-exposure/" } ] } diff --git a/2014/7xxx/CVE-2014-7844.json b/2014/7xxx/CVE-2014-7844.json index 2605bc81c9f..13361dfa59a 100644 --- a/2014/7xxx/CVE-2014-7844.json +++ b/2014/7xxx/CVE-2014-7844.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-7844", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted email address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Metacharacters" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "BSD", + "product": { + "product_data": [ + { + "product_name": "mailx", + "version": { + "version_data": [ + { + "version_value": "8.1.2 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/oss-sec/2014/q4/1066", + "url": "http://seclists.org/oss-sec/2014/q4/1066" + }, + { + "refsource": "MISC", + "name": "http://linux.oracle.com/errata/ELSA-2014-1999.html", + "url": "http://linux.oracle.com/errata/ELSA-2014-1999.html" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2014/dsa-3104", + "url": "http://www.debian.org/security/2014/dsa-3104" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2014/dsa-3105", + "url": "http://www.debian.org/security/2014/dsa-3105" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2014-1999.html", + "url": "http://rhn.redhat.com/errata/RHSA-2014-1999.html" } ] } diff --git a/2014/8xxx/CVE-2014-8161.json b/2014/8xxx/CVE-2014-8161.json index ffaa622c9b8..cdda87a59cd 100644 --- a/2014/8xxx/CVE-2014-8161.json +++ b/2014/8xxx/CVE-2014-8161.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8161", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path Disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2014/8xxx/CVE-2014-8563.json b/2014/8xxx/CVE-2014-8563.json index 6d155e7afe1..d94a9940d57 100644 --- a/2014/8xxx/CVE-2014-8563.json +++ b/2014/8xxx/CVE-2014-8563.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8563", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=96105", + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=96105" } ] } diff --git a/2014/8xxx/CVE-2014-8741.json b/2014/8xxx/CVE-2014-8741.json index da3adac0433..5f3d35c4d1c 100644 --- a/2014/8xxx/CVE-2014-8741.json +++ b/2014/8xxx/CVE-2014-8741.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8741", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.lexmark.com/index?page=content&id=TE666", + "url": "http://support.lexmark.com/index?page=content&id=TE666" + }, + { + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-410/", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-410/" } ] } diff --git a/2014/8xxx/CVE-2014-8742.json b/2014/8xxx/CVE-2014-8742.json index 8247b57910e..77a08172cb7 100644 --- a/2014/8xxx/CVE-2014-8742.json +++ b/2014/8xxx/CVE-2014-8742.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-8742", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.zerodayinitiative.com/advisories/ZDI-14-411/", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-14-411/" + }, + { + "refsource": "CONFIRM", + "name": "http://support.lexmark.com/index?page=content&id=TE666", + "url": "http://support.lexmark.com/index?page=content&id=TE666" } ] } diff --git a/2014/9xxx/CVE-2014-9211.json b/2014/9xxx/CVE-2014-9211.json index c7faffe8be1..08ef697c9dc 100644 --- a/2014/9xxx/CVE-2014-9211.json +++ b/2014/9xxx/CVE-2014-9211.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9211", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ClickDesk version 4.3 and below has persistent cross site scripting" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/65971", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/65971" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/author/11084/", + "url": "https://packetstormsecurity.com/files/author/11084/" } ] } diff --git a/2014/9xxx/CVE-2014-9382.json b/2014/9xxx/CVE-2014-9382.json index 68fbfb2ce9b..2ba87d7899b 100644 --- a/2014/9xxx/CVE-2014-9382.json +++ b/2014/9xxx/CVE-2014-9382.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9382", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html" + }, + { + "url": "http://www.securityfocus.com/bid/74936", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/74936" + }, + { + "url": "http://seclists.org/fulldisclosure/2015/Jun/1", + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Jun/1" } ] } diff --git a/2014/9xxx/CVE-2014-9481.json b/2014/9xxx/CVE-2014-9481.json index 4427a1877a5..586589d5825 100644 --- a/2014/9xxx/CVE-2014-9481.json +++ b/2014/9xxx/CVE-2014-9481.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2014-9481", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Scribunto", + "product": { + "product_data": [ + { + "product_name": "Scribunto", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2014/12/21/2", + "url": "http://www.openwall.com/lists/oss-security/2014/12/21/2" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/01/03/13", + "url": "http://www.openwall.com/lists/oss-security/2015/01/03/13" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T73167", + "url": "https://phabricator.wikimedia.org/T73167" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html", + "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html" } ] } diff --git a/2014/9xxx/CVE-2014-9625.json b/2014/9xxx/CVE-2014-9625.json index d51d9c3e0ce..c3f8d791195 100644 --- a/2014/9xxx/CVE-2014-9625.json +++ b/2014/9xxx/CVE-2014-9625.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9625", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The GetUpdateFile function in misc/update.c in the Updater in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted update status file, aka an \"integer truncation\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14", + "url": "https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14" + }, + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/01/20/5", + "url": "http://openwall.com/lists/oss-security/2015/01/20/5" + }, + { + "refsource": "CONFIRM", + "name": "https://www.videolan.org/security/sa1501.html", + "url": "https://www.videolan.org/security/sa1501.html" } ] } diff --git a/2014/9xxx/CVE-2014-9626.json b/2014/9xxx/CVE-2014-9626.json index fc8c59c1581..3b15f6d5021 100644 --- a/2014/9xxx/CVE-2014-9626.json +++ b/2014/9xxx/CVE-2014-9626.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9626", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer underflow in the MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a box size less than 7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/01/20/5", + "url": "http://openwall.com/lists/oss-security/2015/01/20/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", + "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" + }, + { + "refsource": "CONFIRM", + "name": "https://www.videolan.org/security/sa1501.html", + "url": "https://www.videolan.org/security/sa1501.html" } ] } diff --git a/2014/9xxx/CVE-2014-9627.json b/2014/9xxx/CVE-2014-9627.json index 79169542534..242e138a9bb 100644 --- a/2014/9xxx/CVE-2014-9627.json +++ b/2014/9xxx/CVE-2014-9627.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9627", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 performs an incorrect cast operation from a 64-bit integer to a 32-bit integer, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large box size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/01/20/5", + "url": "http://openwall.com/lists/oss-security/2015/01/20/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", + "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" + }, + { + "refsource": "CONFIRM", + "name": "https://www.videolan.org/security/sa1501.html", + "url": "https://www.videolan.org/security/sa1501.html" } ] } diff --git a/2014/9xxx/CVE-2014-9628.json b/2014/9xxx/CVE-2014-9628.json index ff596dd8ef4..fd5d0b08a68 100644 --- a/2014/9xxx/CVE-2014-9628.json +++ b/2014/9xxx/CVE-2014-9628.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9628", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MP4_ReadBox_String function in modules/demux/mp4/libmp4.c in VideoLAN VLC media player before 2.1.6 allows remote attackers to trigger an unintended zero-size malloc and conduct buffer overflow attacks, and consequently execute arbitrary code, via a box size of 7." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/01/20/5", + "url": "http://openwall.com/lists/oss-security/2015/01/20/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39", + "url": "https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39" + }, + { + "refsource": "CONFIRM", + "name": "https://www.videolan.org/security/sa1501.html", + "url": "https://www.videolan.org/security/sa1501.html" } ] } diff --git a/2014/9xxx/CVE-2014-9629.json b/2014/9xxx/CVE-2014-9629.json index b85b96c6e4f..514a4604d51 100644 --- a/2014/9xxx/CVE-2014-9629.json +++ b/2014/9xxx/CVE-2014-9629.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9629", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/01/20/5", + "url": "http://openwall.com/lists/oss-security/2015/01/20/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5", + "url": "https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5" + }, + { + "refsource": "CONFIRM", + "name": "https://www.videolan.org/security/sa1501.html", + "url": "https://www.videolan.org/security/sa1501.html" } ] } diff --git a/2014/9xxx/CVE-2014-9630.json b/2014/9xxx/CVE-2014-9630.json index 156ca49d7a8..38f7b955a9a 100644 --- a/2014/9xxx/CVE-2014-9630.json +++ b/2014/9xxx/CVE-2014-9630.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9630", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The rtp_packetize_xiph_config function in modules/stream_out/rtpfmt.c in VideoLAN VLC media player before 2.1.6 uses a stack-allocation approach with a size determined by arbitrary input data, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/01/20/5", + "url": "http://openwall.com/lists/oss-security/2015/01/20/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97", + "url": "https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97" + }, + { + "refsource": "CONFIRM", + "name": "https://www.videolan.org/security/sa1501.html", + "url": "https://www.videolan.org/security/sa1501.html" } ] } diff --git a/2014/9xxx/CVE-2014-9720.json b/2014/9xxx/CVE-2014-9720.json index 817a319ccd8..e8f00b12983 100644 --- a/2014/9xxx/CVE-2014-9720.json +++ b/2014/9xxx/CVE-2014-9720.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9720", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html", + "url": "http://www.tornadoweb.org/en/stable/releases/v3.2.2.html" + }, + { + "refsource": "MISC", + "name": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308", + "url": "https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.novell.com/show_bug.cgi?id=930362", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=930362" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1222816" + }, + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/05/19/4", + "url": "http://openwall.com/lists/oss-security/2015/05/19/4" } ] } diff --git a/2015/0xxx/CVE-2015-0241.json b/2015/0xxx/CVE-2015-0241.json index f044db482b3..3c984b7ac41 100644 --- a/2015/0xxx/CVE-2015-0241.json +++ b/2015/0xxx/CVE-2015-0241.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0241", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0242.json b/2015/0xxx/CVE-2015-0242.json index 926cb66e385..bb57903554c 100644 --- a/2015/0xxx/CVE-2015-0242.json +++ b/2015/0xxx/CVE-2015-0242.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0242", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0243.json b/2015/0xxx/CVE-2015-0243.json index 831b3b1346a..0b8f9748a49 100644 --- a/2015/0xxx/CVE-2015-0243.json +++ b/2015/0xxx/CVE-2015-0243.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0243", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0244.json b/2015/0xxx/CVE-2015-0244.json index e6100ae07ef..6d43ae3b9f0 100644 --- a/2015/0xxx/CVE-2015-0244.json +++ b/2015/0xxx/CVE-2015-0244.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0244", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,93 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PostgreSQL Global Development Group", + "product": { + "product_data": [ + { + "product_name": "PostgreSQL", + "version": { + "version_data": [ + { + "version_value": "before 9.0.19" + }, + { + "version_value": "9.1.x before 9.1.15" + }, + { + "version_value": "9.2.x before 9.2.10" + }, + { + "version_value": "9.3.x before 9.3.6" + }, + { + "version_value": "9.4.x before 9.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", + "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", + "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.postgresql.org/about/news/1569/", + "url": "http://www.postgresql.org/about/news/1569/" + }, + { + "refsource": "CONFIRM", + "name": "http://www.debian.org/security/2015/dsa-3155", + "url": "http://www.debian.org/security/2015/dsa-3155" } ] } diff --git a/2015/0xxx/CVE-2015-0294.json b/2015/0xxx/CVE-2015-0294.json index 1126e760455..dd2c78248da 100644 --- a/2015/0xxx/CVE-2015-0294.json +++ b/2015/0xxx/CVE-2015-0294.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0294", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptography" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GnuTLS", + "product": { + "product_data": [ + { + "product_name": "GnuTLS", + "version": { + "version_data": [ + { + "version_value": "before 3.3.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1196323" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff", + "url": "https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3191", + "url": "http://www.debian.org/security/2015/dsa-3191" } ] } diff --git a/2015/0xxx/CVE-2015-0558.json b/2015/0xxx/CVE-2015-0558.json index 184486e8f66..7576e17c9bf 100644 --- a/2015/0xxx/CVE-2015-0558.json +++ b/2015/0xxx/CVE-2015-0558.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-0558", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses \"1236790\" and the MAC address to generate the WPA key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html", + "url": "http://packetstormsecurity.com/files/129817/Pirelli-Router-P.DG-A4001N-WPA-Key-Reverse-Engineering.html" + }, + { + "refsource": "MISC", + "name": "http://www.exploit-db.com/exploits/35721", + "url": "http://www.exploit-db.com/exploits/35721" + }, + { + "refsource": "MISC", + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99682" } ] } diff --git a/2015/1xxx/CVE-2015-1202.json b/2015/1xxx/CVE-2015-1202.json index be0fc68eb3c..7bc6cd7c5db 100644 --- a/2015/1xxx/CVE-2015-1202.json +++ b/2015/1xxx/CVE-2015-1202.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1202", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1202", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2015/1xxx/CVE-2015-1203.json b/2015/1xxx/CVE-2015-1203.json index 2518475080b..dfcea3da87c 100644 --- a/2015/1xxx/CVE-2015-1203.json +++ b/2015/1xxx/CVE-2015-1203.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1203", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1203", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2015/1xxx/CVE-2015-1525.json b/2015/1xxx/CVE-2015-1525.json index e3ef329d33f..b8b9f5741af 100644 --- a/2015/1xxx/CVE-2015-1525.json +++ b/2015/1xxx/CVE-2015-1525.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1525", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E!/", + "url": "https://android.googlesource.com/platform/hardware/libhardware_legacy/+/2d2ea50%5E!/" } ] } diff --git a/2015/1xxx/CVE-2015-1530.json b/2015/1xxx/CVE-2015-1530.json index 4409290e48e..b5ac8acd5ce 100644 --- a/2015/1xxx/CVE-2015-1530.json +++ b/2015/1xxx/CVE-2015-1530.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1530", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E!/", + "url": "https://android.googlesource.com/platform/frameworks/av/+/74adca9%5E!/" } ] } diff --git a/2015/1xxx/CVE-2015-1809.json b/2015/1xxx/CVE-2015-1809.json index f2366d0f6c5..910964f26f7 100644 --- a/2015/1xxx/CVE-2015-1809.json +++ b/2015/1xxx/CVE-2015-1809.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1809", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CloudBees", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "before 1.600" + } + ] + } + }, + { + "product_name": "Jenkins LTS", + "version": { + "version_data": [ + { + "version_value": "before 1.596.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205625" + }, + { + "refsource": "MISC", + "name": "https://jenkins.io/security/advisory/2015-02-27/", + "url": "https://jenkins.io/security/advisory/2015-02-27/" } ] } diff --git a/2015/1xxx/CVE-2015-1811.json b/2015/1xxx/CVE-2015-1811.json index f0ccf7aeb5d..ac385f6c21f 100644 --- a/2015/1xxx/CVE-2015-1811.json +++ b/2015/1xxx/CVE-2015-1811.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1811", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "CloudBees", + "product": { + "product_data": [ + { + "product_name": "Jenkins", + "version": { + "version_data": [ + { + "version_value": "before 1.600" + } + ] + } + }, + { + "product_name": "Jenkins LTS", + "version": { + "version_data": [ + { + "version_value": "before 1.596.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205632" + }, + { + "refsource": "CONFIRM", + "name": "https://jenkins.io/security/advisory/2015-02-27/", + "url": "https://jenkins.io/security/advisory/2015-02-27/" } ] } diff --git a/2015/1xxx/CVE-2015-1850.json b/2015/1xxx/CVE-2015-1850.json index a4fca09dbd0..66130bcde9b 100644 --- a/2015/1xxx/CVE-2015-1850.json +++ b/2015/1xxx/CVE-2015-1850.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1850", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an exploitable issue. Notes: none." } ] } diff --git a/2015/1xxx/CVE-2015-1861.json b/2015/1xxx/CVE-2015-1861.json index cba6cd0252a..381f40ee519 100644 --- a/2015/1xxx/CVE-2015-1861.json +++ b/2015/1xxx/CVE-2015-1861.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-1861", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-1861", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2015/1xxx/CVE-2015-1869.json b/2015/1xxx/CVE-2015-1869.json index 103040b4fc3..5e038a75d42 100644 --- a/2015/1xxx/CVE-2015-1869.json +++ b/2015/1xxx/CVE-2015-1869.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-1869", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain privileges as demonstrated by a symlink attack on a var_log_messages file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 7417505e1d93cc95ec648b74e3c801bc67aacb9f" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/17/5", + "url": "http://www.openwall.com/lists/oss-security/2015/04/17/5" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212861" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca", + "url": "https://github.com/abrt/abrt/commit/3287aa12eb205cff95cdd00d6d6c5c9a4f8f0eca" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f", + "url": "https://github.com/abrt/abrt/commit/7417505e1d93cc95ec648b74e3c801bc67aacb9f" } ] } diff --git a/2015/2xxx/CVE-2015-2249.json b/2015/2xxx/CVE-2015-2249.json index b56c2845839..5c3f75ef5d3 100644 --- a/2015/2xxx/CVE-2015-2249.json +++ b/2015/2xxx/CVE-2015-2249.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2249", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zimbra Collaboration before 8.6.0 patch5 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" } ] } diff --git a/2015/2xxx/CVE-2015-2325.json b/2015/2xxx/CVE-2015-2325.json index 1924513ff11..6a840b25d14 100644 --- a/2015/2xxx/CVE-2015-2325.json +++ b/2015/2xxx/CVE-2015-2325.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2325", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html" + }, + { + "refsource": "MISC", + "name": "https://bugs.exim.org/show_bug.cgi?id=1591", + "url": "https://bugs.exim.org/show_bug.cgi?id=1591" + }, + { + "refsource": "CONFIRM", + "name": "https://www.pcre.org/original/changelog.txt", + "url": "https://www.pcre.org/original/changelog.txt" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/zeroday/FG-VD-15-015", + "url": "https://fortiguard.com/zeroday/FG-VD-15-015" } ] } diff --git a/2015/2xxx/CVE-2015-2326.json b/2015/2xxx/CVE-2015-2326.json index 4bf1e179c79..028fcee3b41 100644 --- a/2015/2xxx/CVE-2015-2326.json +++ b/2015/2xxx/CVE-2015-2326.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2326", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugs.exim.org/show_bug.cgi?id=1592", + "url": "https://bugs.exim.org/show_bug.cgi?id=1592" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00014.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.pcre.org/original/changelog.txt", + "url": "https://www.pcre.org/original/changelog.txt" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/zeroday/FG-VD-15-016", + "url": "https://fortiguard.com/zeroday/FG-VD-15-016" } ] } diff --git a/2015/2xxx/CVE-2015-2688.json b/2015/2xxx/CVE-2015-2688.json index d72b82fff45..8c213f9bb72 100644 --- a/2015/2xxx/CVE-2015-2688.json +++ b/2015/2xxx/CVE-2015-2688.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2688", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,59 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.26" + }, + { + "version_value": "0.2.5.x before 0.2.5.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", + "url": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html" + }, + { + "refsource": "MISC", + "name": "https://trac.torproject.org/projects/tor/ticket/15083", + "url": "https://trac.torproject.org/projects/tor/ticket/15083" } ] } diff --git a/2015/2xxx/CVE-2015-2689.json b/2015/2xxx/CVE-2015-2689.json index e82711b7303..188ccdaf706 100644 --- a/2015/2xxx/CVE-2015-2689.json +++ b/2015/2xxx/CVE-2015-2689.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2689", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,59 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.26" + }, + { + "version_value": "0.2.5.x before 0.2.5.11" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html", + "url": "https://lists.torproject.org/pipermail/tor-talk/2015-March/037281.html" + }, + { + "refsource": "MISC", + "name": "https://trac.torproject.org/projects/tor/ticket/14129", + "url": "https://trac.torproject.org/projects/tor/ticket/14129" } ] } diff --git a/2015/2xxx/CVE-2015-2784.json b/2015/2xxx/CVE-2015-2784.json index 038e4089396..323313a4d1e 100644 --- a/2015/2xxx/CVE-2015-2784.json +++ b/2015/2xxx/CVE-2015-2784.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2784", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579", + "url": "https://github.com/rsantamaria/papercrop/commit/b4ecd95debaf0a8712bd1d34def83f41fc6b3579" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md", + "url": "https://github.com/rsantamaria/papercrop/blob/master/CHANGELOG.md" } ] } diff --git a/2015/2xxx/CVE-2015-2928.json b/2015/2xxx/CVE-2015-2928.json index 092f2564b4c..6b42c608d8e 100644 --- a/2015/2xxx/CVE-2015-2928.json +++ b/2015/2xxx/CVE-2015-2928.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2928", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,62 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.27" + }, + { + "version_value": "0.2.5.x before 0.2.5.12" + }, + { + "version_value": "0.2.6.x before 0.2.6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://trac.torproject.org/projects/tor/ticket/15600", + "url": "https://trac.torproject.org/projects/tor/ticket/15600" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20150406 CVE Request: tor: new upstream releases (0.2.6.7, 0.2.5.12 and 0.2.4.27) fixing security issues", + "url": "http://openwall.com/lists/oss-security/2015/04/06/5" } ] } diff --git a/2015/2xxx/CVE-2015-2929.json b/2015/2xxx/CVE-2015-2929.json index cd675f8ec81..ae8a517a359 100644 --- a/2015/2xxx/CVE-2015-2929.json +++ b/2015/2xxx/CVE-2015-2929.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@debian.org", "ID": "CVE-2015-2929", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,62 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service - Malformed Input" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Tor Project", + "product": { + "product_data": [ + { + "product_name": "Tor", + "version": { + "version_data": [ + { + "version_value": "before 0.2.4.27" + }, + { + "version_value": "0.2.5.x before 0.2.5.12" + }, + { + "version_value": "0.2.6.x before 0.2.6.7" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/04/06/5", + "url": "http://openwall.com/lists/oss-security/2015/04/06/5" + }, + { + "refsource": "MISC", + "name": "https://trac.torproject.org/projects/tor/ticket/15601", + "url": "https://trac.torproject.org/projects/tor/ticket/15601" } ] } diff --git a/2015/3xxx/CVE-2015-3147.json b/2015/3xxx/CVE-2015-3147.json index 806243f5f9a..21054a35ca4 100644 --- a/2015/3xxx/CVE-2015-3147.json +++ b/2015/3xxx/CVE-2015-3147.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3147", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Symbolic Link Following" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 2.6.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/04/17/5", + "url": "http://www.openwall.com/lists/oss-security/2015/04/17/5" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212953" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/pull/955", + "url": "https://github.com/abrt/abrt/pull/955" + }, + { + "refsource": "MISC", + "name": "http://rhn.redhat.com/errata/RHSA-2015-1083.html", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1083.html" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091", + "url": "https://github.com/abrt/abrt/commit/3746b7627218438ae7d781fc8b18a221454e9091" } ] } diff --git a/2015/3xxx/CVE-2015-3150.json b/2015/3xxx/CVE-2015-3150.json index 1564e32d101..de8e1203fa3 100644 --- a/2015/3xxx/CVE-2015-3150.json +++ b/2015/3xxx/CVE-2015-3150.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3150", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 1951e7282043dfe1268d492aea056b554baedb75" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1214457" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8", + "url": "https://github.com/abrt/abrt/commit/6e811d78e2719988ae291181f5b133af32ce62d8" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1", + "url": "https://github.com/abrt/abrt/commit/7814554e0827ece778ca88fd90832bd4d05520b1" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7", + "url": "https://github.com/abrt/abrt/commit/b7f8bd20b7fb5b72f003ae3fa647c1d75f4218b7" + }, + { + "refsource": "MISC", + "name": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75", + "url": "https://github.com/abrt/libreport/commit/1951e7282043dfe1268d492aea056b554baedb75" } ] } diff --git a/2015/3xxx/CVE-2015-3151.json b/2015/3xxx/CVE-2015-3151.json index 160e8cd5e40..1abe39a126f 100644 --- a/2015/3xxx/CVE-2015-3151.json +++ b/2015/3xxx/CVE-2015-3151.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3151", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,76 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal (Local File Inclusion)" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 7a47f57975be0d285a2f20758e4572dca6d9cdd3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-3151" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932", + "url": "https://github.com/abrt/abrt/commit/c796c76341ee846cfb897ed645bac211d7d0a932" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b", + "url": "https://github.com/abrt/abrt/commit/f3c2a6af3455b2882e28570e8a04f1c2d4500d5b" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364", + "url": "https://github.com/abrt/libreport/commit/54ecf8d017580b495d6501e53ca54e453a73a364" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277", + "url": "https://github.com/abrt/libreport/commit/239c4f7d1f47265526b39ad70106767d00805277" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3", + "url": "https://github.com/abrt/abrt/commit/7a47f57975be0d285a2f20758e4572dca6d9cdd3" } ] } diff --git a/2015/3xxx/CVE-2015-3154.json b/2015/3xxx/CVE-2015-3154.json index 34a98d79295..cd686a40498 100644 --- a/2015/3xxx/CVE-2015-3154.json +++ b/2015/3xxx/CVE-2015-3154.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3154", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,57 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "CRLF injection vulnerability in Zend\\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CRLF Injection" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zend Technologies", + "product": { + "product_data": [ + { + "product_name": "Zend Framework", + "version": { + "version_data": [ + { + "version_value": "before 1.12.12" + }, + { + "version_value": "2.x before 2.3.8" + }, + { + "version_value": "2.4.x before 2.4.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://framework.zend.com/security/advisory/ZF2015-04", + "url": "http://framework.zend.com/security/advisory/ZF2015-04" } ] } diff --git a/2015/3xxx/CVE-2015-3159.json b/2015/3xxx/CVE-2015-3159.json index 5371ba2218c..06203ba9b00 100644 --- a/2015/3xxx/CVE-2015-3159.json +++ b/2015/3xxx/CVE-2015-3159.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3159", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ABRT", + "product": { + "product_data": [ + { + "product_name": "ABRT", + "version": { + "version_data": [ + { + "version_value": "before 9a4100678fea4d60ec93d35f4c5de2e9ad054f3a" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216962" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b", + "url": "https://github.com/abrt/abrt/commit/9943a77bca37a0829ccd3784d1dfab37f8c24e7b" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a", + "url": "https://github.com/abrt/abrt/commit/9a4100678fea4d60ec93d35f4c5de2e9ad054f3a" } ] } diff --git a/2015/4xxx/CVE-2015-4041.json b/2015/4xxx/CVE-2015-4041.json index a49c9f96bfa..781f2e829ce 100644 --- a/2015/4xxx/CVE-2015-4041.json +++ b/2015/4xxx/CVE-2015-4041.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4041", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/05/15/1", + "url": "http://openwall.com/lists/oss-security/2015/05/15/1" + }, + { + "refsource": "MISC", + "name": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", + "url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=928749", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=928749" } ] } diff --git a/2015/4xxx/CVE-2015-4042.json b/2015/4xxx/CVE-2015-4042.json index a4b9971ca53..5485c066ab1 100644 --- a/2015/4xxx/CVE-2015-4042.json +++ b/2015/4xxx/CVE-2015-4042.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-4042", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://openwall.com/lists/oss-security/2015/05/15/1", + "url": "http://openwall.com/lists/oss-security/2015/05/15/1" + }, + { + "refsource": "MISC", + "name": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940", + "url": "https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940" } ] } diff --git a/2015/4xxx/CVE-2015-4107.json b/2015/4xxx/CVE-2015-4107.json index 054cb30b1ae..ec80b56657b 100644 --- a/2015/4xxx/CVE-2015-4107.json +++ b/2015/4xxx/CVE-2015-4107.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-4107", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4107", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was intended functionality. Notes: none." } ] } diff --git a/2015/4xxx/CVE-2015-4709.json b/2015/4xxx/CVE-2015-4709.json index 76a5c369123..353b28a203d 100644 --- a/2015/4xxx/CVE-2015-4709.json +++ b/2015/4xxx/CVE-2015-4709.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-4709", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-4709", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2015/5xxx/CVE-2015-5071.json b/2015/5xxx/CVE-2015-5071.json index 5ed5f6b6ff5..cc886668b4a 100644 --- a/2015/5xxx/CVE-2015-5071.json +++ b/2015/5xxx/CVE-2015-5071.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5071", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary files via the __report parameter of the BIRT viewer servlet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/133688/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html" + }, + { + "refsource": "CONFIRM", + "name": "https://communities.bmc.com/docs/DOC-77816", + "url": "https://communities.bmc.com/docs/DOC-77816" } ] } diff --git a/2015/5xxx/CVE-2015-5072.json b/2015/5xxx/CVE-2015-5072.json index c9c26c08657..8af3018723d 100644 --- a/2015/5xxx/CVE-2015-5072.json +++ b/2015/5xxx/CVE-2015-5072.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5072", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to \"navigate\" to arbitrary local files via the __imageid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://communities.bmc.com/docs/DOC-77816", + "url": "https://communities.bmc.com/docs/DOC-77816" + }, + { + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html", + "url": "https://packetstormsecurity.com/files/133689/BMC-Remedy-AR-8.1-9.0-File-Inclusion.html" } ] } diff --git a/2015/5xxx/CVE-2015-5175.json b/2015/5xxx/CVE-2015-5175.json index 3502d06895f..3a7367a170a 100644 --- a/2015/5xxx/CVE-2015-5175.json +++ b/2015/5xxx/CVE-2015-5175.json @@ -76,6 +76,11 @@ "name": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=f65c961ea31e3c1851daba8e7e49fc37bbf77b19", "refsource": "CONFIRM", "url": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=f65c961ea31e3c1851daba8e7e49fc37bbf77b19" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5230.json b/2015/5xxx/CVE-2015-5230.json index 83930830e24..2ca53be1f10 100644 --- a/2015/5xxx/CVE-2015-5230.json +++ b/2015/5xxx/CVE-2015-5230.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5230", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "PowerDNS", + "product": { + "product_data": [ + { + "product_name": "PowerDNS Authoritative Server", + "version": { + "version_data": [ + { + "version_value": "3.4.x before 3.4.6" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/", + "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-02/" + }, + { + "refsource": "MISC", + "name": "http://www.debian.org/security/2015/dsa-3347", + "url": "http://www.debian.org/security/2015/dsa-3347" + }, + { + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1033475", + "url": "http://www.securitytracker.com/id/1033475" } ] } diff --git a/2015/5xxx/CVE-2015-5239.json b/2015/5xxx/CVE-2015-5239.json index 913593a4326..4a78c458c68 100644 --- a/2015/5xxx/CVE-2015-5239.json +++ b/2015/5xxx/CVE-2015-5239.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5239", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,91 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QEMU", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "before 2.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00026.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00005.html" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html", + "url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00011.html" + }, + { + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2745-1", + "url": "http://www.ubuntu.com/usn/USN-2745-1" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/09/02/7", + "url": "http://www.openwall.com/lists/oss-security/2015/09/02/7" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d", + "url": "https://github.com/qemu/qemu/commit/f9a70e79391f6d7c2a912d785239ee8effc1922d" } ] } diff --git a/2015/5xxx/CVE-2015-5253.json b/2015/5xxx/CVE-2015-5253.json index 56e963cf9eb..3b339d9fdd1 100644 --- a/2015/5xxx/CVE-2015-5253.json +++ b/2015/5xxx/CVE-2015-5253.json @@ -76,6 +76,11 @@ "name": "[oss-security] 20151114 New security advisory for Apache CXF", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/14/1" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2015/5xxx/CVE-2015-5278.json b/2015/5xxx/CVE-2015-5278.json index 56047e9103e..197290d536a 100644 --- a/2015/5xxx/CVE-2015-5278.json +++ b/2015/5xxx/CVE-2015-5278.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5278", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QEMU", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "before 2.4.0.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" + }, + { + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-2745-1", + "url": "http://www.ubuntu.com/usn/USN-2745-1" + }, + { + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html" + }, + { + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/09/15/2", + "url": "http://www.openwall.com/lists/oss-security/2015/09/15/2" } ] } diff --git a/2015/5xxx/CVE-2015-5333.json b/2015/5xxx/CVE-2015-5333.json index c8d93347640..5608be4f6cc 100644 --- a/2015/5xxx/CVE-2015-5333.json +++ b/2015/5xxx/CVE-2015-5333.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5333", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Leak" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LibreSSL", + "product": { + "product_data": [ + { + "product_name": "LibreSSL", + "version": { + "version_data": [ + { + "version_value": "before 2.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", + "url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html" + }, + { + "refsource": "CONFIRM", + "name": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", + "url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html" } ] } diff --git a/2015/5xxx/CVE-2015-5334.json b/2015/5xxx/CVE-2015-5334.json index 2848d04c0c8..d1220135376 100644 --- a/2015/5xxx/CVE-2015-5334.json +++ b/2015/5xxx/CVE-2015-5334.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5334", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "LibreSSL", + "product": { + "product_data": [ + { + "product_name": "LibreSSL", + "version": { + "version_data": [ + { + "version_value": "before 2.3.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html", + "url": "http://packetstormsecurity.com/files/133998/Qualys-Security-Advisory-LibreSSL-Leak-Overflow.html" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Oct/75", + "url": "http://seclists.org/fulldisclosure/2015/Oct/75" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536692/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html", + "url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00050.html" + }, + { + "refsource": "MISC", + "name": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt", + "url": "http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.1-relnotes.txt" } ] } diff --git a/2015/5xxx/CVE-2015-5466.json b/2015/5xxx/CVE-2015-5466.json index 0687f07a3fa..19b4e3c618f 100644 --- a/2015/5xxx/CVE-2015-5466.json +++ b/2015/5xxx/CVE-2015-5466.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5466", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/133400/XGI-Windows-VGA-Display-Manager-Privilege-Escalation.html" + }, + { + "refsource": "MISC", + "name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt", + "url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-004.txt" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/536373/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Sep/2", + "url": "http://seclists.org/fulldisclosure/2015/Sep/2" } ] } diff --git a/2015/5xxx/CVE-2015-5484.json b/2015/5xxx/CVE-2015-5484.json index 663fc708db3..a4e0c3af8d4 100644 --- a/2015/5xxx/CVE-2015-5484.json +++ b/2015/5xxx/CVE-2015-5484.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5484", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/", + "url": "https://security.dxw.com/advisories/stored-xss-in-plotly-allows-less-privileged-users-to-insert-arbitrary-javascript-into-posts/" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Jul/68", + "url": "http://seclists.org/fulldisclosure/2015/Jul/68" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-plotly/changelog/", + "url": "https://wordpress.org/plugins/wp-plotly/changelog/" } ] } diff --git a/2015/5xxx/CVE-2015-5745.json b/2015/5xxx/CVE-2015-5745.json index f42f7b8d3dd..e40b9d671db 100644 --- a/2015/5xxx/CVE-2015-5745.json +++ b/2015/5xxx/CVE-2015-5745.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-5745", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,81 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "QEMU", + "product": { + "product_data": [ + { + "product_name": "QEMU", + "version": { + "version_data": [ + { + "version_value": "before 2.4.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168671.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168077.html" + }, + { + "refsource": "MISC", + "name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168646.html" + }, + { + "refsource": "MISC", + "name": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html", + "url": "https://lists.gnu.org/archive/html/qemu-devel/2015-07/msg05458.html" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/08/06/3", + "url": "http://www.openwall.com/lists/oss-security/2015/08/06/3" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2015/08/06/5", + "url": "http://www.openwall.com/lists/oss-security/2015/08/06/5" + }, + { + "refsource": "MISC", + "name": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295", + "url": "https://github.com/qemu/qemu/commit/7882080388be5088e72c425b02223c02e6cb4295" } ] } diff --git a/2015/5xxx/CVE-2015-5952.json b/2015/5xxx/CVE-2015-5952.json index 47efd950424..25959af950f 100644 --- a/2015/5xxx/CVE-2015-5952.json +++ b/2015/5xxx/CVE-2015-5952.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-5952", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in Thomson Reuters for FATCA before 5.2 allows remote attackers to execute arbitrary files via the item parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Aug/24", + "url": "http://seclists.org/fulldisclosure/2015/Aug/24" } ] } diff --git a/2015/6xxx/CVE-2015-6497.json b/2015/6xxx/CVE-2015-6497.json index e08d30f08b4..d487c506ecd 100644 --- a/2015/6xxx/CVE-2015-6497.json +++ b/2015/6xxx/CVE-2015-6497.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6497", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,71 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html", + "url": "http://packetstormsecurity.com/files/133544/Magento-1.9.2-File-Inclusion.html" + }, + { + "refsource": "MISC", + "name": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html", + "url": "http://blog.mindedsecurity.com/2015/09/autoloaded-file-inclusion-in-magento.html" + }, + { + "refsource": "MISC", + "name": "http://karmainsecurity.com/KIS-2015-04", + "url": "http://karmainsecurity.com/KIS-2015-04" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Sep/48", + "url": "http://seclists.org/fulldisclosure/2015/Sep/48" + }, + { + "refsource": "MISC", + "name": "http://magento.com/security/patches/supee-6482", + "url": "http://magento.com/security/patches/supee-6482" } ] } diff --git a/2015/6xxx/CVE-2015-6591.json b/2015/6xxx/CVE-2015-6591.json index 31486e4cc35..5e3636e6c3f 100644 --- a/2015/6xxx/CVE-2015-6591.json +++ b/2015/6xxx/CVE-2015-6591.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-6591", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html", + "url": "http://packetstormsecurity.com/files/134081/articleFR-3.0.7-Arbitrary-File-Read.html" } ] } diff --git a/2015/6xxx/CVE-2015-6748.json b/2015/6xxx/CVE-2015-6748.json index d15ade869a2..91e3e240792 100644 --- a/2015/6xxx/CVE-2015-6748.json +++ b/2015/6xxx/CVE-2015-6748.json @@ -81,6 +81,11 @@ "name": "https://issues.jboss.org/browse/WFLY-5223?_sscc=t", "refsource": "CONFIRM", "url": "https://issues.jboss.org/browse/WFLY-5223?_sscc=t" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2075-1] jsoup security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00021.html" } ] } diff --git a/2015/6xxx/CVE-2015-6907.json b/2015/6xxx/CVE-2015-6907.json index c9430ecc61e..edbf880782d 100644 --- a/2015/6xxx/CVE-2015-6907.json +++ b/2015/6xxx/CVE-2015-6907.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2015-6907", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2015-6907", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." } ] } diff --git a/2015/7xxx/CVE-2015-7556.json b/2015/7xxx/CVE-2015-7556.json index 05738853ce1..98b9483c265 100644 --- a/2015/7xxx/CVE-2015-7556.json +++ b/2015/7xxx/CVE-2015-7556.json @@ -1,8 +1,8 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-7556", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,56 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "National Institute of Advanced Industrial Science and Technology", + "product": { + "product_data": [ + { + "product_name": "DeleGate", + "version": { + "version_data": [ + { + "version_value": "9.9.13" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.vapidlabs.com/advisory.php?v=159", + "url": "http://www.vapidlabs.com/advisory.php?v=159" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Dec/123", + "url": "http://seclists.org/fulldisclosure/2015/Dec/123" } ] } diff --git a/2015/7xxx/CVE-2015-7851.json b/2015/7xxx/CVE-2015-7851.json index 78c73a834ed..5b4ebcf79af 100644 --- a/2015/7xxx/CVE-2015-7851.json +++ b/2015/7xxx/CVE-2015-7851.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7851", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.talosintel.com/reports/TALOS-2015-0062/", + "url": "http://www.talosintel.com/reports/TALOS-2015-0062/" + }, + { + "refsource": "MISC", + "name": "http://support.ntp.org/bin/view/Main/SecurityNotice", + "url": "http://support.ntp.org/bin/view/Main/SecurityNotice" + }, + { + "refsource": "MISC", + "name": "http://support.ntp.org/bin/view/Main/NtpBug2918", + "url": "http://support.ntp.org/bin/view/Main/NtpBug2918" } ] } diff --git a/2015/7xxx/CVE-2015-7874.json b/2015/7xxx/CVE-2015-7874.json index 8fbe98e5f62..1ea5aa70879 100644 --- a/2015/7xxx/CVE-2015-7874.json +++ b/2015/7xxx/CVE-2015-7874.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-7874", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/39119/", + "url": "https://www.exploit-db.com/exploits/39119/" } ] } diff --git a/2015/8xxx/CVE-2015-8366.json b/2015/8xxx/CVE-2015-8366.json index b5efce21d11..bf868523fa9 100644 --- a/2015/8xxx/CVE-2015-8366.json +++ b/2015/8xxx/CVE-2015-8366.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8366", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", + "url": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html" + }, + { + "refsource": "MISC", + "name": "http://www.libraw.org/news/libraw-0-17-1", + "url": "http://www.libraw.org/news/libraw-0-17-1" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Nov/108", + "url": "http://seclists.org/fulldisclosure/2015/Nov/108" } ] } diff --git a/2015/8xxx/CVE-2015-8367.json b/2015/8xxx/CVE-2015-8367.json index 7bf58eb2a95..87bc083140f 100644 --- a/2015/8xxx/CVE-2015-8367.json +++ b/2015/8xxx/CVE-2015-8367.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8367", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,61 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html", + "url": "http://packetstormsecurity.com/files/134573/LibRaw-0.17-Overflow.html" + }, + { + "refsource": "MISC", + "name": "http://www.libraw.org/news/libraw-0-17-1", + "url": "http://www.libraw.org/news/libraw-0-17-1" + }, + { + "refsource": "MISC", + "name": "http://seclists.org/fulldisclosure/2015/Nov/108", + "url": "http://seclists.org/fulldisclosure/2015/Nov/108" } ] } diff --git a/2015/8xxx/CVE-2015-8549.json b/2015/8xxx/CVE-2015-8549.json index 039102b93d2..073728b91c5 100644 --- a/2015/8xxx/CVE-2015-8549.json +++ b/2015/8xxx/CVE-2015-8549.json @@ -2,7 +2,7 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8549", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +11,66 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://www.ocert.org/advisories/ocert-2015-011.html", + "url": "http://www.ocert.org/advisories/ocert-2015-011.html" + }, + { + "refsource": "MISC", + "name": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded", + "url": "http://www.securityfocus.com/archive/1/archive/1/537151/100/0/threaded" + }, + { + "refsource": "MISC", + "name": "https://github.com/hydralabs/pyamf/pull/58", + "url": "https://github.com/hydralabs/pyamf/pull/58" + }, + { + "refsource": "MISC", + "name": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0", + "url": "https://github.com/hydralabs/pyamf/releases/tag/v0.8.0" } ] } diff --git a/2015/9xxx/CVE-2015-9251.json b/2015/9xxx/CVE-2015-9251.json index b3206ebeb22..6c6aa7e5dbd 100644 --- a/2015/9xxx/CVE-2015-9251.json +++ b/2015/9xxx/CVE-2015-9251.json @@ -191,6 +191,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-08", "url": "https://www.tenable.com/security/tns-2019-08" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2015/9xxx/CVE-2015-9275.json b/2015/9xxx/CVE-2015-9275.json index e354b93b28d..09479833570 100644 --- a/2015/9xxx/CVE-2015-9275.json +++ b/2015/9xxx/CVE-2015-9275.json @@ -61,6 +61,11 @@ "name": "https://bugs.debian.org/774527", "refsource": "MISC", "url": "https://bugs.debian.org/774527" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0103", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00048.html" } ] } diff --git a/2015/9xxx/CVE-2015-9541.json b/2015/9xxx/CVE-2015-9541.json new file mode 100644 index 00000000000..fb9206975da --- /dev/null +++ b/2015/9xxx/CVE-2015-9541.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugreports.qt.io/browse/QTBUG-47417", + "refsource": "MISC", + "name": "https://bugreports.qt.io/browse/QTBUG-47417" + } + ] + } +} \ No newline at end of file diff --git a/2016/0xxx/CVE-2016-0701.json b/2016/0xxx/CVE-2016-0701.json index 3b314e5c4a4..b178e43f28f 100644 --- a/2016/0xxx/CVE-2016-0701.json +++ b/2016/0xxx/CVE-2016-0701.json @@ -146,6 +146,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/0xxx/CVE-2016-0772.json b/2016/0xxx/CVE-2016-0772.json index 3c9583ce0bf..fb39897d7e3 100644 --- a/2016/0xxx/CVE-2016-0772.json +++ b/2016/0xxx/CVE-2016-0772.json @@ -136,6 +136,11 @@ "name": "RHSA-2016:1626", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2016/1000xxx/CVE-2016-1000022.json b/2016/1000xxx/CVE-2016-1000022.json index 0bbac96a332..3abef6a4615 100644 --- a/2016/1000xxx/CVE-2016-1000022.json +++ b/2016/1000xxx/CVE-2016-1000022.json @@ -1,86 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-1000022", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "n/a", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "n/a" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-1000022", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "negotiator before 0.6.1 is vulnerable to a regular expression DoS" - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "n/a" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json", - "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000022.json" - }, - { - "url": "https://security-tracker.debian.org/tracker/CVE-2016-1000022", - "refsource": "MISC", - "name": "https://security-tracker.debian.org/tracker/CVE-2016-1000022" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022", - "refsource": "MISC", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1000022" - }, - { - "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022", - "refsource": "MISC", - "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2016-1000022" - }, - { - "url": "https://access.redhat.com/errata/RHSA-2016:1605", - "refsource": "MISC", - "name": "https://access.redhat.com/errata/RHSA-2016:1605" - }, - { - "refsource": "MISC", - "name": "https://www.npmjs.com/advisories/106", - "url": "https://www.npmjs.com/advisories/106" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2016/1000xxx/CVE-2016-1000031.json b/2016/1000xxx/CVE-2016-1000031.json index f0732178307..b2f5a516dc1 100644 --- a/2016/1000xxx/CVE-2016-1000031.json +++ b/2016/1000xxx/CVE-2016-1000031.json @@ -136,6 +136,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1000xxx/CVE-2016-1000110.json b/2016/1000xxx/CVE-2016-1000110.json index 74395a1d608..8cc1d48bed4 100644 --- a/2016/1000xxx/CVE-2016-1000110.json +++ b/2016/1000xxx/CVE-2016-1000110.json @@ -71,6 +71,11 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7K3WFJO3SJQCODKRKU6EQV3ZGHH53YPU/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2016/1000xxx/CVE-2016-1000237.json b/2016/1000xxx/CVE-2016-1000237.json index 3f4f14ca6f8..e2317fb6f65 100644 --- a/2016/1000xxx/CVE-2016-1000237.json +++ b/2016/1000xxx/CVE-2016-1000237.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1000237", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "sanitize-html before 1.4.3 has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json", + "refsource": "MISC", + "name": "https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json" + }, + { + "url": "https://nodesecurity.io/advisories/135", + "refsource": "MISC", + "name": "https://nodesecurity.io/advisories/135" } ] } diff --git a/2016/10xxx/CVE-2016-10735.json b/2016/10xxx/CVE-2016-10735.json index 67924268322..a8b7a7bfcab 100644 --- a/2016/10xxx/CVE-2016-10735.json +++ b/2016/10xxx/CVE-2016-10735.json @@ -101,6 +101,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3023", "url": "https://access.redhat.com/errata/RHSA-2019:3023" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0132", + "url": "https://access.redhat.com/errata/RHSA-2020:0132" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0133", + "url": "https://access.redhat.com/errata/RHSA-2020:0133" } ] } diff --git a/2016/11xxx/CVE-2016-11018.json b/2016/11xxx/CVE-2016-11018.json new file mode 100644 index 00000000000..d5dda28de55 --- /dev/null +++ b/2016/11xxx/CVE-2016-11018.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-11018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.8.9", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.8.9" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.9.0", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/gallery-images/tags/1.9.0" + }, + { + "refsource": "MISC", + "name": "http://10degres.net/cve-2016-11018-image-gallery-sql-injection/", + "url": "http://10degres.net/cve-2016-11018-image-gallery-sql-injection/" + } + ] + } +} \ No newline at end of file diff --git a/2016/1xxx/CVE-2016-1181.json b/2016/1xxx/CVE-2016-1181.json index becc64b305a..c12baade424 100644 --- a/2016/1xxx/CVE-2016-1181.json +++ b/2016/1xxx/CVE-2016-1181.json @@ -146,6 +146,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/1xxx/CVE-2016-1182.json b/2016/1xxx/CVE-2016-1182.json index ec7d7d1fb85..b4b4d1f95da 100644 --- a/2016/1xxx/CVE-2016-1182.json +++ b/2016/1xxx/CVE-2016-1182.json @@ -141,6 +141,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/2xxx/CVE-2016-2090.json b/2016/2xxx/CVE-2016-2090.json index 83c9a2dc97b..898501c8aff 100644 --- a/2016/2xxx/CVE-2016-2090.json +++ b/2016/2xxx/CVE-2016-2090.json @@ -91,6 +91,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191230 [SECURITY] [DLA 2052-1] libbsd security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4243-1", + "url": "https://usn.ubuntu.com/4243-1/" } ] } diff --git a/2016/2xxx/CVE-2016-2183.json b/2016/2xxx/CVE-2016-2183.json index 5c68d5902bc..e9f7aece10e 100644 --- a/2016/2xxx/CVE-2016-2183.json +++ b/2016/2xxx/CVE-2016-2183.json @@ -411,6 +411,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2859", "url": "https://access.redhat.com/errata/RHSA-2019:2859" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/4xxx/CVE-2016-4000.json b/2016/4xxx/CVE-2016-4000.json index 8f85ab1a482..2893dbd4b14 100644 --- a/2016/4xxx/CVE-2016-4000.json +++ b/2016/4xxx/CVE-2016-4000.json @@ -121,6 +121,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/4xxx/CVE-2016-4303.json b/2016/4xxx/CVE-2016-4303.json index c020207041b..e7e9f3d34b3 100644 --- a/2016/4xxx/CVE-2016-4303.json +++ b/2016/4xxx/CVE-2016-4303.json @@ -86,6 +86,11 @@ "name": "openSUSE-SU-2016:2121", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2080-1] iperf3 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html" } ] } diff --git a/2016/4xxx/CVE-2016-4464.json b/2016/4xxx/CVE-2016-4464.json index a66fbe15e52..d15fe88fd38 100644 --- a/2016/4xxx/CVE-2016-4464.json +++ b/2016/4xxx/CVE-2016-4464.json @@ -76,6 +76,11 @@ "name": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6", "refsource": "CONFIRM", "url": "https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=commit;h=0006581e9cacbeef46381a223e5671e524d416b6" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2016/4xxx/CVE-2016-4761.json b/2016/4xxx/CVE-2016-4761.json index f8c809dc72c..d12ced345d4 100644 --- a/2016/4xxx/CVE-2016-4761.json +++ b/2016/4xxx/CVE-2016-4761.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "product-security@apple.com", "ID": "CVE-2016-4761", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebKitGTK+", + "version": { + "version_data": [ + { + "version_value": "before 2.14.0" + } + ] + } + } + ] + }, + "vendor_name": "WebKitGTK+" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.openwall.com/lists/oss-security/2016/11/04/14", + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2016/11/04/14" + }, + { + "url": "http://www.ubuntu.com/usn/USN-3166-1", + "refsource": "MISC", + "name": "http://www.ubuntu.com/usn/USN-3166-1" } ] } diff --git a/2016/5xxx/CVE-2016-5003.json b/2016/5xxx/CVE-2016-5003.json index c36c7344b36..1b7483686c1 100644 --- a/2016/5xxx/CVE-2016-5003.json +++ b/2016/5xxx/CVE-2016-5003.json @@ -106,6 +106,16 @@ "name": "RHSA-2018:3768", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3768" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200116 [CVE-2019-17570] xmlrpc-common untrusted deserialization", + "url": "http://www.openwall.com/lists/oss-security/2020/01/16/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/2" } ] } diff --git a/2016/5xxx/CVE-2016-5017.json b/2016/5xxx/CVE-2016-5017.json index 4282808c3de..f23ad7f0263 100644 --- a/2016/5xxx/CVE-2016-5017.json +++ b/2016/5xxx/CVE-2016-5017.json @@ -96,6 +96,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2016/5xxx/CVE-2016-5019.json b/2016/5xxx/CVE-2016-5019.json index b90044ca083..7c0de80ad4e 100644 --- a/2016/5xxx/CVE-2016-5019.json +++ b/2016/5xxx/CVE-2016-5019.json @@ -106,6 +106,11 @@ "name": "1037633", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1037633" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/5xxx/CVE-2016-5636.json b/2016/5xxx/CVE-2016-5636.json index 2dc79fed086..d8d2bd1e29f 100644 --- a/2016/5xxx/CVE-2016-5636.json +++ b/2016/5xxx/CVE-2016-5636.json @@ -121,6 +121,11 @@ "name": "RHSA-2016:2586", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-2586.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2016/5xxx/CVE-2016-5699.json b/2016/5xxx/CVE-2016-5699.json index 56349327ac8..be7dddcdb67 100644 --- a/2016/5xxx/CVE-2016-5699.json +++ b/2016/5xxx/CVE-2016-5699.json @@ -141,6 +141,11 @@ "name": "RHSA-2016:1626", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2016-1626.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2016/6xxx/CVE-2016-6306.json b/2016/6xxx/CVE-2016-6306.json index 46a86ab1721..d6b9a5a6c0b 100644 --- a/2016/6xxx/CVE-2016-6306.json +++ b/2016/6xxx/CVE-2016-6306.json @@ -196,6 +196,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/6xxx/CVE-2016-6592.json b/2016/6xxx/CVE-2016-6592.json index 0183e1bfae6..75b5ee9ebb4 100644 --- a/2016/6xxx/CVE-2016-6592.json +++ b/2016/6xxx/CVE-2016-6592.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secure@symantec.com", "ID": "CVE-2016-6592", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Norton Download Manager", + "version": { + "version_data": [ + { + "version_value": "2016" + } + ] + } + } + ] + }, + "vendor_name": "Symantec" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,53 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Symantec Norton Download Manager versions prior to 5.6. A remote user can create a specially crafted DLL file that, when placed on the target user's system, will cause the Norton Download Manager component to load the remote user's DLL instead of the intended DLL and execute arbitrary code when the Norton Download Manager component is run by the target user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Other" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.securityfocus.com/bid/94695", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/94695" + }, + { + "url": "http://www.securityfocus.com/bid/95444", + "refsource": "MISC", + "name": "http://www.securityfocus.com/bid/95444" + }, + { + "url": "http://www.securitytracker.com/id/1037622", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037622" + }, + { + "url": "http://www.securitytracker.com/id/1037623", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037623" + }, + { + "url": "http://www.securitytracker.com/id/1037624", + "refsource": "MISC", + "name": "http://www.securitytracker.com/id/1037624" + }, + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1394.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1394.html" } ] } diff --git a/2016/6xxx/CVE-2016-6812.json b/2016/6xxx/CVE-2016-6812.json index 17a2a442045..40b67c8db12 100644 --- a/2016/6xxx/CVE-2016-6812.json +++ b/2016/6xxx/CVE-2016-6812.json @@ -80,6 +80,11 @@ "name": "97582", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97582" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2016/6xxx/CVE-2016-6814.json b/2016/6xxx/CVE-2016-6814.json index 64faaa88f75..02237fdac5c 100644 --- a/2016/6xxx/CVE-2016-6814.json +++ b/2016/6xxx/CVE-2016-6814.json @@ -117,6 +117,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/8xxx/CVE-2016-8610.json b/2016/8xxx/CVE-2016-8610.json index 67f7537e5ff..1d69a6defca 100644 --- a/2016/8xxx/CVE-2016-8610.json +++ b/2016/8xxx/CVE-2016-8610.json @@ -181,6 +181,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2016/8xxx/CVE-2016-8739.json b/2016/8xxx/CVE-2016-8739.json index 8cc57540d8a..c7ea7b124f3 100644 --- a/2016/8xxx/CVE-2016-8739.json +++ b/2016/8xxx/CVE-2016-8739.json @@ -75,6 +75,11 @@ "name": "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2016-8739.txt.asc" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2016/9xxx/CVE-2016-9840.json b/2016/9xxx/CVE-2016-9840.json index cc0105bdb13..e4e77ed8536 100644 --- a/2016/9xxx/CVE-2016-9840.json +++ b/2016/9xxx/CVE-2016-9840.json @@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9841.json b/2016/9xxx/CVE-2016-9841.json index 85ee749ebaf..55cc36f2461 100644 --- a/2016/9xxx/CVE-2016-9841.json +++ b/2016/9xxx/CVE-2016-9841.json @@ -191,6 +191,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9842.json b/2016/9xxx/CVE-2016-9842.json index 573120fe1ac..db70a27ccc6 100644 --- a/2016/9xxx/CVE-2016-9842.json +++ b/2016/9xxx/CVE-2016-9842.json @@ -176,6 +176,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } diff --git a/2016/9xxx/CVE-2016-9843.json b/2016/9xxx/CVE-2016-9843.json index 6be4b1fa319..4aa3ef0cac3 100644 --- a/2016/9xxx/CVE-2016-9843.json +++ b/2016/9xxx/CVE-2016-9843.json @@ -191,6 +191,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190324 [SECURITY] [DLA 1725-1] rsync security update", "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4246-1", + "url": "https://usn.ubuntu.com/4246-1/" } ] } diff --git a/2017/1000xxx/CVE-2017-1000376.json b/2017/1000xxx/CVE-2017-1000376.json index a07bd991ce7..3ce410de8ea 100644 --- a/2017/1000xxx/CVE-2017-1000376.json +++ b/2017/1000xxx/CVE-2017-1000376.json @@ -67,6 +67,11 @@ "name": "DSA-3889", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3889" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/12xxx/CVE-2017-12624.json b/2017/12xxx/CVE-2017-12624.json index 1f0f0c6164a..6ae17352945 100644 --- a/2017/12xxx/CVE-2017-12624.json +++ b/2017/12xxx/CVE-2017-12624.json @@ -90,6 +90,11 @@ "name": "http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2017-12624.txt.asc" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2017/12xxx/CVE-2017-12626.json b/2017/12xxx/CVE-2017-12626.json index 9c7752f4a58..633c7bd1ddc 100644 --- a/2017/12xxx/CVE-2017-12626.json +++ b/2017/12xxx/CVE-2017-12626.json @@ -77,6 +77,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/12xxx/CVE-2017-12631.json b/2017/12xxx/CVE-2017-12631.json index 9bdb215d518..fb40a06365b 100644 --- a/2017/12xxx/CVE-2017-12631.json +++ b/2017/12xxx/CVE-2017-12631.json @@ -70,6 +70,11 @@ "name": "[cxf-user] 20171130 Apache CXF Fediz 1.4.3 and 1.3.3 released with a new security advisory CVE-2017-12631", "refsource": "MLIST", "url": "http://cxf.547215.n5.nabble.com/Apache-CXF-Fediz-1-4-3-and-1-3-3-released-with-a-new-security-advisory-CVE-2017-12631-td5785868.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2017/14xxx/CVE-2017-14735.json b/2017/14xxx/CVE-2017-14735.json index 61f6750c6db..86d9167bb83 100644 --- a/2017/14xxx/CVE-2017-14735.json +++ b/2017/14xxx/CVE-2017-14735.json @@ -76,6 +76,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/14xxx/CVE-2017-14806.json b/2017/14xxx/CVE-2017-14806.json index fa1c3900fd6..f915e8867f6 100644 --- a/2017/14xxx/CVE-2017-14806.json +++ b/2017/14xxx/CVE-2017-14806.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2017-14806", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insecure handling of repodata and packages in SUSE Studio onlite" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio onsite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "susestudio-common", + "version_value": "1.3.17-56.6.3" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295: Improper Certificate Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1065397", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1065397" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1065397", + "defect": [ + "1065397" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2017/14xxx/CVE-2017-14807.json b/2017/14xxx/CVE-2017-14807.json index bfcdb7cc006..cc4326e6d67 100644 --- a/2017/14xxx/CVE-2017-14807.json +++ b/2017/14xxx/CVE-2017-14807.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2017-14807", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "SQL injection in ui-server/app/models/diary_entry.rb in SUSE Studio onsite" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Studio onsite", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "susestudio-ui-server", + "version_value": "1.3.17-56.6.3" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1065396", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1065396" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1065396", + "defect": [ + "1065396" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2017/15xxx/CVE-2017-15708.json b/2017/15xxx/CVE-2017-15708.json index 428d5d9dd01..ed1669472ed 100644 --- a/2017/15xxx/CVE-2017-15708.json +++ b/2017/15xxx/CVE-2017-15708.json @@ -77,6 +77,11 @@ "name": "[dev] 20171210 [CVE-2017-15708] Apache Synapse Remote Code Execution Vulnerability", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/77f2accf240d25d91b47033e2f8ebec84ffbc6e6627112b2f98b66c9@%3Cdev.synapse.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/15xxx/CVE-2017-15906.json b/2017/15xxx/CVE-2017-15906.json index e833bd5d6d8..e4c5a71fb66 100644 --- a/2017/15xxx/CVE-2017-15906.json +++ b/2017/15xxx/CVE-2017-15906.json @@ -86,6 +86,11 @@ "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2017/16xxx/CVE-2017-16112.json b/2017/16xxx/CVE-2017-16112.json index af03bf9cc28..b3dec0c8351 100644 --- a/2017/16xxx/CVE-2017-16112.json +++ b/2017/16xxx/CVE-2017-16112.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2017-16112", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-16112", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:CVE-2017-15010. Reason: This candidate is a reservation duplicate of CVE-2017-15010. Notes: All CVE users should reference CVE-2017-15010 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2017/16xxx/CVE-2017-16545.json b/2017/16xxx/CVE-2017-16545.json index cfee5dc0476..e863dca8228 100644 --- a/2017/16xxx/CVE-2017-16545.json +++ b/2017/16xxx/CVE-2017-16545.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/16xxx/CVE-2017-16547.json b/2017/16xxx/CVE-2017-16547.json index 78c11b6cabf..ee741408929 100644 --- a/2017/16xxx/CVE-2017-16547.json +++ b/2017/16xxx/CVE-2017-16547.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/16xxx/CVE-2017-16669.json b/2017/16xxx/CVE-2017-16669.json index 125b5d407a3..c859ca14b46 100644 --- a/2017/16xxx/CVE-2017-16669.json +++ b/2017/16xxx/CVE-2017-16669.json @@ -116,6 +116,11 @@ "name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0", "refsource": "MISC", "url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17309.json b/2017/17xxx/CVE-2017-17309.json index 4696dc4887c..41c1144e033 100644 --- a/2017/17xxx/CVE-2017-17309.json +++ b/2017/17xxx/CVE-2017-17309.json @@ -56,6 +56,11 @@ "name": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-notices/2017/huawei-sn-20170911-01-hg255s-en" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html", + "url": "http://packetstormsecurity.com/files/155954/Huawei-HG255-Directory-Traversal.html" } ] } diff --git a/2017/17xxx/CVE-2017-17498.json b/2017/17xxx/CVE-2017-17498.json index 01c3fd8d5c6..6f2490f8d18 100644 --- a/2017/17xxx/CVE-2017-17498.json +++ b/2017/17xxx/CVE-2017-17498.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17500.json b/2017/17xxx/CVE-2017-17500.json index 83cfbbd5626..c2b4e57e846 100644 --- a/2017/17xxx/CVE-2017-17500.json +++ b/2017/17xxx/CVE-2017-17500.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17501.json b/2017/17xxx/CVE-2017-17501.json index 272c7bfb2ac..c1329871d2d 100644 --- a/2017/17xxx/CVE-2017-17501.json +++ b/2017/17xxx/CVE-2017-17501.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17502.json b/2017/17xxx/CVE-2017-17502.json index 2679ecb8b7c..37c77276321 100644 --- a/2017/17xxx/CVE-2017-17502.json +++ b/2017/17xxx/CVE-2017-17502.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17503.json b/2017/17xxx/CVE-2017-17503.json index 594081a1c84..8fb08cbf3c6 100644 --- a/2017/17xxx/CVE-2017-17503.json +++ b/2017/17xxx/CVE-2017-17503.json @@ -86,6 +86,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-425a1aa7c9", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17555.json b/2017/17xxx/CVE-2017-17555.json index 7e2d89aaa5d..a4e720abb67 100644 --- a/2017/17xxx/CVE-2017-17555.json +++ b/2017/17xxx/CVE-2017-17555.json @@ -56,6 +56,11 @@ "name": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md", "refsource": "MISC", "url": "https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2017/17xxx/CVE-2017-17782.json b/2017/17xxx/CVE-2017-17782.json index 586f04c0e6a..7dea77c0b5a 100644 --- a/2017/17xxx/CVE-2017-17782.json +++ b/2017/17xxx/CVE-2017-17782.json @@ -76,6 +76,11 @@ "name": "https://sourceforge.net/p/graphicsmagick/bugs/530/", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/graphicsmagick/bugs/530/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/17xxx/CVE-2017-17783.json b/2017/17xxx/CVE-2017-17783.json index 4a9110cc4b0..8182726c991 100644 --- a/2017/17xxx/CVE-2017-17783.json +++ b/2017/17xxx/CVE-2017-17783.json @@ -66,6 +66,11 @@ "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a", "refsource": "CONFIRM", "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a" + }, + { + "refsource": "UBUNTU", + "name": "USN-4248-1", + "url": "https://usn.ubuntu.com/4248-1/" } ] } diff --git a/2017/18xxx/CVE-2017-18207.json b/2017/18xxx/CVE-2017-18207.json index 2605dd4e018..2e75dc1cf2f 100644 --- a/2017/18xxx/CVE-2017-18207.json +++ b/2017/18xxx/CVE-2017-18207.json @@ -56,6 +56,11 @@ "name": "https://bugs.python.org/issue32056", "refsource": "MISC", "url": "https://bugs.python.org/issue32056" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2017/3xxx/CVE-2017-3156.json b/2017/3xxx/CVE-2017-3156.json index 6dbba425291..37889022655 100644 --- a/2017/3xxx/CVE-2017-3156.json +++ b/2017/3xxx/CVE-2017-3156.json @@ -70,6 +70,11 @@ "name": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2017-3156.txt.asc" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2017/3xxx/CVE-2017-3164.json b/2017/3xxx/CVE-2017-3164.json index 0ea03c1bf6b..9a91b493e34 100644 --- a/2017/3xxx/CVE-2017-3164.json +++ b/2017/3xxx/CVE-2017-3164.json @@ -97,6 +97,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2017/3xxx/CVE-2017-3211.json b/2017/3xxx/CVE-2017-3211.json old mode 100644 new mode 100755 index fa396139464..bc9059fea21 --- a/2017/3xxx/CVE-2017-3211.json +++ b/2017/3xxx/CVE-2017-3211.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2017-05-17T00:00:00.000Z", "ID": "CVE-2017-3211", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Centire Yopify leaks customer information" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Yopify", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "2017-04-06", + "version_value": "2017-04-06" + } + ] + } + } + ] + }, + "vendor_name": "Centire" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered by Oliver Keyes, a Rapid7, Inc. senior data scientist." + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +44,60 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks the first name, last initial, city, and recent purchase data of customers, all without user authorization." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Yopify works by having the e-commerce site load a JavaScript widget from the Yopify servers, which contains both the code to generate the UI element and the data used to populate it, stored as JSON. This widget does not require any authorization beyond a site-specific API key, which is embedded in the e-commerce site's source code, and is easily extractable with a regular expression.\n\nThe result is that by scraping a customer site to grab the API key and then simply running something like:\ncurl 'https://yopify.com/api/yo/js/yo/3edb675e08e9c7fe22d243e44d184cdf/events.js?t=1490157080'\n\nwhere 3edb675e08e9c7fe22d243e44d184cdf is the site ID and t is a cache buster, someone can remotely grab the data pertaining to the last 50 customers. This is updated as purchases are made. Thus an attacker can poll every few hours for a few days/weeks/months and build up a database of an e-commerce site's customer set and associated purchasers.\n\nThe data exposed to this polling was, however, far more extensive than the data displayed. While the pop-up only provides first name and last initial, the JSON blob originally contained first and last names in their entirety, along with city-level geolocation. While the casual online customer wouldn't have seen that, a malicious technical user could have trivially gained enough information to potentially target specific users of specific niche e-commerce sites.\n\n\n\n\n\n \n" + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-213 Intentional Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/", + "refsource": "MISC", + "url": "https://blog.rapid7.com/2017/05/31/r7-2017-05-centire-yopify-information-disclosure-cve-2017-3211/" + } + ] + }, + "source": { + "defect": [ + "R7-2017-05" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2017/5xxx/CVE-2017-5030.json b/2017/5xxx/CVE-2017-5030.json index 4e09c423448..9a628cbbc4a 100644 --- a/2017/5xxx/CVE-2017-5030.json +++ b/2017/5xxx/CVE-2017-5030.json @@ -81,6 +81,11 @@ "name": "RHSA-2017:0499", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2017-0499.html" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-126/" } ] } diff --git a/2017/5xxx/CVE-2017-5637.json b/2017/5xxx/CVE-2017-5637.json index d027e18bf64..e20905faa85 100644 --- a/2017/5xxx/CVE-2017-5637.json +++ b/2017/5xxx/CVE-2017-5637.json @@ -100,6 +100,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5645.json b/2017/5xxx/CVE-2017-5645.json index c32eace13a5..1e57c852c37 100644 --- a/2017/5xxx/CVE-2017-5645.json +++ b/2017/5xxx/CVE-2017-5645.json @@ -286,6 +286,71 @@ "refsource": "MLIST", "name": "[tika-dev] 20200108 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", "url": "https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5653.json b/2017/5xxx/CVE-2017-5653.json index bc631ecec76..70fcf65a954 100644 --- a/2017/5xxx/CVE-2017-5653.json +++ b/2017/5xxx/CVE-2017-5653.json @@ -74,6 +74,11 @@ "name": "97968", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97968" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2017/5xxx/CVE-2017-5656.json b/2017/5xxx/CVE-2017-5656.json index 43ec036a4ab..7493b1ca424 100644 --- a/2017/5xxx/CVE-2017-5656.json +++ b/2017/5xxx/CVE-2017-5656.json @@ -79,6 +79,11 @@ "name": "RHSA-2018:1694", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1694" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2017/7xxx/CVE-2017-7418.json b/2017/7xxx/CVE-2017-7418.json index bfe78eaee11..328c2c5b166 100644 --- a/2017/7xxx/CVE-2017-7418.json +++ b/2017/7xxx/CVE-2017-7418.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1870", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00022.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2017/7xxx/CVE-2017-7661.json b/2017/7xxx/CVE-2017-7661.json index 6ab73fed381..457541ef3d4 100644 --- a/2017/7xxx/CVE-2017-7661.json +++ b/2017/7xxx/CVE-2017-7661.json @@ -61,6 +61,11 @@ "name": "1038497", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038497" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2017/7xxx/CVE-2017-7662.json b/2017/7xxx/CVE-2017-7662.json index f2a711451bf..8548c69b625 100644 --- a/2017/7xxx/CVE-2017-7662.json +++ b/2017/7xxx/CVE-2017-7662.json @@ -61,6 +61,11 @@ "name": "1038498", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038498" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2018/0xxx/CVE-2018-0719.json b/2018/0xxx/CVE-2018-0719.json index 0e25145a4c8..38ca467765f 100644 --- a/2018/0xxx/CVE-2018-0719.json +++ b/2018/0xxx/CVE-2018-0719.json @@ -1,9 +1,10 @@ { "CVE_data_meta": { "ASSIGNER": "security@qnap.com", - "DATE_PUBLIC": "2018-09-20T00:00:00", + "DATE_PUBLIC": "2018-09-19T16:00:00.000Z", "ID": "CVE-2018-0719", - "STATE": "PUBLIC" + "STATE": "PUBLIC", + "TITLE": "Security Advisory for Vulnerabilities in QTS" }, "affects": { "vendor": { @@ -12,22 +13,40 @@ "product": { "product_data": [ { - "product_name": "QNAP QTS", + "product_name": "QTS", "version": { "version_data": [ { - "version_value": "QTS 4.2.6 build 20180711, QTS 4.3.3 build 20180725, QTS 4.3.4 build 20180710 and earlier versions" + "platform": "build 20180711", + "version_affected": "<=", + "version_value": "4.2.6" + }, + { + "platform": "build 20180725", + "version_affected": "<=", + "version_value": "4.3.3" + }, + { + "platform": "build 20180710", + "version_affected": "<=", + "version_value": "4.3.4" } ] } } ] }, - "vendor_name": "QNAP" + "vendor_name": "QNAP Systems Inc." } ] } }, + "credit": [ + { + "lang": "eng", + "value": "Davide Cioccia, security researcher" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -35,17 +54,36 @@ "description_data": [ { "lang": "eng", - "value": "Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to inject javascript code." + "value": "Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710." } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "Cross-site scripting" + "value": "CWE-79 Cross-site Scripting (XSS)" } ] } @@ -59,5 +97,8 @@ "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-20" } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0721.json b/2018/0xxx/CVE-2018-0721.json index 59ae7d475bf..5e25bb6aedb 100644 --- a/2018/0xxx/CVE-2018-0721.json +++ b/2018/0xxx/CVE-2018-0721.json @@ -2,7 +2,8 @@ "CVE_data_meta": { "ASSIGNER": "security@qnap.com", "ID": "CVE-2018-0721", - "STATE": "PUBLIC" + "STATE": "PUBLIC", + "TITLE": "Security Advisory for Vulnerabilities in QTS" }, "affects": { "vendor": { @@ -11,22 +12,40 @@ "product": { "product_data": [ { - "product_name": "n/a", + "product_name": "QTS", "version": { "version_data": [ { - "version_value": "n/a" + "platform": "build 20180711", + "version_affected": "<=", + "version_value": "4.2.6" + }, + { + "platform": "build 20180725", + "version_affected": "<=", + "version_value": "4.3.3" + }, + { + "platform": "build 20180710", + "version_affected": "<=", + "version_value": "4.3.4" } ] } } ] }, - "vendor_name": "n/a" + "vendor_name": "QNAP Systems Inc." } ] } }, + "credit": [ + { + "lang": "eng", + "value": "Yuki, security researcher" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -34,17 +53,36 @@ "description_data": [ { "lang": "eng", - "value": "Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and earlier versions, 4.3.3 build 20180725 and earlier versions, and 4.3.4 build 20180710 and earlier versions could allow remote attackers to run arbitrary code on NAS devices." + "value": "Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710." } ] }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", + "version": "3.1" + } + }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", - "value": "n/a" + "value": "CWE-120 Buffer Overflow" } ] } @@ -58,5 +96,8 @@ "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201809-20" } ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2018/0xxx/CVE-2018-0734.json b/2018/0xxx/CVE-2018-0734.json index e3acfa04ab2..6f23a52840a 100644 --- a/2018/0xxx/CVE-2018-0734.json +++ b/2018/0xxx/CVE-2018-0734.json @@ -207,6 +207,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3932", "url": "https://access.redhat.com/errata/RHSA-2019:3932" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/0xxx/CVE-2018-0735.json b/2018/0xxx/CVE-2018-0735.json index e92d501fdff..421909664d5 100644 --- a/2018/0xxx/CVE-2018-0735.json +++ b/2018/0xxx/CVE-2018-0735.json @@ -139,6 +139,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3700", "url": "https://access.redhat.com/errata/RHSA-2019:3700" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000030.json b/2018/1000xxx/CVE-2018-1000030.json index 7992612e6a5..a71c628be8d 100644 --- a/2018/1000xxx/CVE-2018-1000030.json +++ b/2018/1000xxx/CVE-2018-1000030.json @@ -99,6 +99,11 @@ "name": "https://bugs.python.org/issue31530", "refsource": "CONFIRM", "url": "https://bugs.python.org/issue31530" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000802.json b/2018/1000xxx/CVE-2018-1000802.json index 313acc57e51..6686b1f934a 100644 --- a/2018/1000xxx/CVE-2018-1000802.json +++ b/2018/1000xxx/CVE-2018-1000802.json @@ -99,6 +99,11 @@ "name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1519-1] python2.7 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00030.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/1000xxx/CVE-2018-1000873.json b/2018/1000xxx/CVE-2018-1000873.json index 2bc5c86324e..fc593dd8701 100644 --- a/2018/1000xxx/CVE-2018-1000873.json +++ b/2018/1000xxx/CVE-2018-1000873.json @@ -104,6 +104,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/1002xxx/CVE-2018-1002102.json b/2018/1002xxx/CVE-2018-1002102.json index ca656608347..96adf20e242 100644 --- a/2018/1002xxx/CVE-2018-1002102.json +++ b/2018/1002xxx/CVE-2018-1002102.json @@ -79,6 +79,11 @@ "name": "https://github.com/kubernetes/kubernetes/issues/85867", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/85867" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-943f4b03d2", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/" } ] }, @@ -94,4 +99,4 @@ "value": "For Kubernetes versions >= v1.10.0, the ValidateProxyRedirects feature can be manually enabled with the kube-apiserver flag --feature-gates=ValidateProxyRedirects=true" } ] -} +} \ No newline at end of file diff --git a/2018/1002xxx/CVE-2018-1002104.json b/2018/1002xxx/CVE-2018-1002104.json index b19f709f74a..1c10a1a861a 100644 --- a/2018/1002xxx/CVE-2018-1002104.json +++ b/2018/1002xxx/CVE-2018-1002104.json @@ -1,10 +1,41 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "DATE_ASSIGNED": "2018-09-26", + "ASSIGNER": "security@kubernetes.io", + "DATE_PUBLIC": "2018-09-25", "ID": "CVE-2018-1002104", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "k8s.gcr.io/defaultbackend", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "defaultbackend", + "version_value": "1.5" + } + ] + } + } + ] + }, + "vendor_name": "Kubernetes" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Alexandre Malucelli" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -12,8 +43,60 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-215 Information Exposure Through Debug Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/kubernetes/ingress-nginx/pull/3125", + "refsource": "CONFIRM", + "url": "https://github.com/kubernetes/ingress-nginx/pull/3125" + } + ] + }, + "source": { + "defect": [ + "https://github.com/kubernetes/ingress-nginx/issues/1733" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Mask the /metrics endpoint with an Ingress rule so that metrics aren't exposed publicly. See https://github.com/kubernetes/ingress-nginx/issues/1733#issuecomment-358492359" + } + ] } \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10103.json b/2018/10xxx/CVE-2018-10103.json index 98ce3279968..7ad6fb7ec7a 100644 --- a/2018/10xxx/CVE-2018-10103.json +++ b/2018/10xxx/CVE-2018-10103.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/10xxx/CVE-2018-10105.json b/2018/10xxx/CVE-2018-10105.json index ce4799757a2..83f3594dc8a 100644 --- a/2018/10xxx/CVE-2018-10105.json +++ b/2018/10xxx/CVE-2018-10105.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/10xxx/CVE-2018-10536.json b/2018/10xxx/CVE-2018-10536.json index 3a230a4a684..ddd82862126 100644 --- a/2018/10xxx/CVE-2018-10536.json +++ b/2018/10xxx/CVE-2018-10536.json @@ -91,6 +91,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10537.json b/2018/10xxx/CVE-2018-10537.json index c6a89ea92d1..c6c081575e9 100644 --- a/2018/10xxx/CVE-2018-10537.json +++ b/2018/10xxx/CVE-2018-10537.json @@ -91,6 +91,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10538.json b/2018/10xxx/CVE-2018-10538.json index 39866cc1ffb..5d0c9eb1c6c 100644 --- a/2018/10xxx/CVE-2018-10538.json +++ b/2018/10xxx/CVE-2018-10538.json @@ -81,6 +81,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10539.json b/2018/10xxx/CVE-2018-10539.json index 433d3abe3c4..b3fb4862d7c 100644 --- a/2018/10xxx/CVE-2018-10539.json +++ b/2018/10xxx/CVE-2018-10539.json @@ -81,6 +81,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10540.json b/2018/10xxx/CVE-2018-10540.json index 54c83f377e8..3247a872fb4 100644 --- a/2018/10xxx/CVE-2018-10540.json +++ b/2018/10xxx/CVE-2018-10540.json @@ -81,6 +81,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/10xxx/CVE-2018-10653.json b/2018/10xxx/CVE-2018-10653.json index 98d5326fbae..82e19ccd7d2 100644 --- a/2018/10xxx/CVE-2018-10653.json +++ b/2018/10xxx/CVE-2018-10653.json @@ -56,6 +56,11 @@ "name": "https://support.citrix.com/article/CTX234879", "refsource": "CONFIRM", "url": "https://support.citrix.com/article/CTX234879" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html", + "url": "http://packetstormsecurity.com/files/156037/Citrix-XenMobile-Server-10.8-XML-Injection.html" } ] } diff --git a/2018/10xxx/CVE-2018-10853.json b/2018/10xxx/CVE-2018-10853.json index b3116de134d..bdc40411fcb 100644 --- a/2018/10xxx/CVE-2018-10853.json +++ b/2018/10xxx/CVE-2018-10853.json @@ -126,6 +126,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0036", "url": "https://access.redhat.com/errata/RHSA-2020:0036" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0179", + "url": "https://access.redhat.com/errata/RHSA-2020:0179" } ] } diff --git a/2018/10xxx/CVE-2018-10899.json b/2018/10xxx/CVE-2018-10899.json index 6f0e05e847f..5f08f15efd6 100644 --- a/2018/10xxx/CVE-2018-10899.json +++ b/2018/10xxx/CVE-2018-10899.json @@ -68,6 +68,36 @@ "refsource": "MLIST", "name": "[activemq-issues] 20200102 [jira] [Created] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", "url": "https://lists.apache.org/thread.html/1392fbebb4fbbec379a40d16e1288fe1e4c0289d257e5206051a3793@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200120 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/rc169dac018d07e8ddf2a3bb2fd1efc6cbda4f83f1bbf7a8c798e7f4f@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/rf33ffbba619a4281ce592a6ed259c07a557aefb4975619d83c4122ea@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/rdb0a59d7851e721b75beea13d6488e345a3e2735838e89d9269d7d32@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Commented] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/r64701caec91c43efd7416d6bddef88447371101e00e8562741ede262@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Work logged] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/r46f6dbc029f49e1f638c6eb82accb94b7f990d818cb3b3bc0007dd0a@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7373) jolokia-core-1.6.0.jar is vulnerable to CVE-2018-10899", + "url": "https://lists.apache.org/thread.html/r67cdc50af9caf89c9ebe1bde08393a343dcd89edba1c63677f68f43b@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2018/10xxx/CVE-2018-10904.json b/2018/10xxx/CVE-2018-10904.json index 0ed40b429ef..fc733df07a0 100644 --- a/2018/10xxx/CVE-2018-10904.json +++ b/2018/10xxx/CVE-2018-10904.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10907.json b/2018/10xxx/CVE-2018-10907.json index 94a12cd57e7..11d42733591 100644 --- a/2018/10xxx/CVE-2018-10907.json +++ b/2018/10xxx/CVE-2018-10907.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10911.json b/2018/10xxx/CVE-2018-10911.json index fef471bc95d..0851fde7ddd 100644 --- a/2018/10xxx/CVE-2018-10911.json +++ b/2018/10xxx/CVE-2018-10911.json @@ -122,6 +122,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10913.json b/2018/10xxx/CVE-2018-10913.json index 3a666478c44..e9cdd357896 100644 --- a/2018/10xxx/CVE-2018-10913.json +++ b/2018/10xxx/CVE-2018-10913.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10914.json b/2018/10xxx/CVE-2018-10914.json index 6a0e39c86b6..09130e6e3e1 100644 --- a/2018/10xxx/CVE-2018-10914.json +++ b/2018/10xxx/CVE-2018-10914.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10923.json b/2018/10xxx/CVE-2018-10923.json index bc384b9fe6a..77b322e8b11 100644 --- a/2018/10xxx/CVE-2018-10923.json +++ b/2018/10xxx/CVE-2018-10923.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10924.json b/2018/10xxx/CVE-2018-10924.json index 7355d71d535..17a73033a14 100644 --- a/2018/10xxx/CVE-2018-10924.json +++ b/2018/10xxx/CVE-2018-10924.json @@ -76,6 +76,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10926.json b/2018/10xxx/CVE-2018-10926.json index d384fc3044f..d26681170e5 100644 --- a/2018/10xxx/CVE-2018-10926.json +++ b/2018/10xxx/CVE-2018-10926.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10927.json b/2018/10xxx/CVE-2018-10927.json index a8267c10725..faaf6c410eb 100644 --- a/2018/10xxx/CVE-2018-10927.json +++ b/2018/10xxx/CVE-2018-10927.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10928.json b/2018/10xxx/CVE-2018-10928.json index 8cdb8cdd8e2..3d5090a49ee 100644 --- a/2018/10xxx/CVE-2018-10928.json +++ b/2018/10xxx/CVE-2018-10928.json @@ -91,6 +91,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10929.json b/2018/10xxx/CVE-2018-10929.json index 1ca4a73bd07..9dcf0e5c9f9 100644 --- a/2018/10xxx/CVE-2018-10929.json +++ b/2018/10xxx/CVE-2018-10929.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/10xxx/CVE-2018-10930.json b/2018/10xxx/CVE-2018-10930.json index 8815c5a9e0f..cbf8b8b5484 100644 --- a/2018/10xxx/CVE-2018-10930.json +++ b/2018/10xxx/CVE-2018-10930.json @@ -96,6 +96,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/11xxx/CVE-2018-11039.json b/2018/11xxx/CVE-2018-11039.json index c1dbfd21760..afd204ce154 100644 --- a/2018/11xxx/CVE-2018-11039.json +++ b/2018/11xxx/CVE-2018-11039.json @@ -89,6 +89,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/11xxx/CVE-2018-11040.json b/2018/11xxx/CVE-2018-11040.json index 8957eb8f951..03bde433bfe 100644 --- a/2018/11xxx/CVE-2018-11040.json +++ b/2018/11xxx/CVE-2018-11040.json @@ -84,6 +84,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/11xxx/CVE-2018-11054.json b/2018/11xxx/CVE-2018-11054.json index 238f3f09fee..46f3b3324a3 100644 --- a/2018/11xxx/CVE-2018-11054.json +++ b/2018/11xxx/CVE-2018-11054.json @@ -78,6 +78,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/11xxx/CVE-2018-11055.json b/2018/11xxx/CVE-2018-11055.json index d5a7e43129a..baf4c53a53b 100644 --- a/2018/11xxx/CVE-2018-11055.json +++ b/2018/11xxx/CVE-2018-11055.json @@ -82,6 +82,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/11xxx/CVE-2018-11056.json b/2018/11xxx/CVE-2018-11056.json index d055343e44c..0633268efb2 100644 --- a/2018/11xxx/CVE-2018-11056.json +++ b/2018/11xxx/CVE-2018-11056.json @@ -96,6 +96,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/11xxx/CVE-2018-11057.json b/2018/11xxx/CVE-2018-11057.json index 12d42232e35..29bd9ad4643 100644 --- a/2018/11xxx/CVE-2018-11057.json +++ b/2018/11xxx/CVE-2018-11057.json @@ -82,6 +82,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/11xxx/CVE-2018-11058.json b/2018/11xxx/CVE-2018-11058.json index be385cff604..c3ce5cfc58b 100644 --- a/2018/11xxx/CVE-2018-11058.json +++ b/2018/11xxx/CVE-2018-11058.json @@ -98,6 +98,11 @@ "refsource": "BID", "name": "108106", "url": "http://www.securityfocus.com/bid/108106" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/11xxx/CVE-2018-11307.json b/2018/11xxx/CVE-2018-11307.json index 0d83390c121..2231a8e5b7f 100644 --- a/2018/11xxx/CVE-2018-11307.json +++ b/2018/11xxx/CVE-2018-11307.json @@ -141,6 +141,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4037", "url": "https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json index daafcc6a270..24df94e804f 100644 --- a/2018/11xxx/CVE-2018-11759.json +++ b/2018/11xxx/CVE-2018-11759.json @@ -101,6 +101,11 @@ "refsource": "MLIST", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [20/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "url": "https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4@%3Cdev.tomcat.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11778.json b/2018/11xxx/CVE-2018-11778.json index 4d1e23056ac..a88ccbd9850 100644 --- a/2018/11xxx/CVE-2018-11778.json +++ b/2018/11xxx/CVE-2018-11778.json @@ -62,6 +62,16 @@ "name": "[oss-security] 20181004 CVE update - fixed in Apache Ranger 1.2.0", "refsource": "MLIST", "url": "https://seclists.org/oss-sec/2018/q4/11" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E" } ] } diff --git a/2018/11xxx/CVE-2018-11784.json b/2018/11xxx/CVE-2018-11784.json index 6f5dfb72966..54f1c2786ec 100644 --- a/2018/11xxx/CVE-2018-11784.json +++ b/2018/11xxx/CVE-2018-11784.json @@ -213,6 +213,11 @@ "refsource": "BUGTRAQ", "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", "url": "https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/11xxx/CVE-2018-11805.json b/2018/11xxx/CVE-2018-11805.json index 331bc504fee..dbb02a75ee2 100644 --- a/2018/11xxx/CVE-2018-11805.json +++ b/2018/11xxx/CVE-2018-11805.json @@ -113,6 +113,16 @@ "refsource": "MLIST", "name": "[spamassassin-users] 20191219 Re: CVE-2018-11805 fix and sa-exim", "url": "https://lists.apache.org/thread.html/0b5c73809d0690527341d940029f743807b70550050fd23ee869c5e5@%3Cusers.spamassassin.apache.org%3E" + }, + { + "refsource": "UBUNTU", + "name": "USN-4237-1", + "url": "https://usn.ubuntu.com/4237-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4237-2", + "url": "https://usn.ubuntu.com/4237-2/" } ] }, diff --git a/2018/12xxx/CVE-2018-12126.json b/2018/12xxx/CVE-2018-12126.json index 360601dfb9b..87ceea2bdac 100644 --- a/2018/12xxx/CVE-2018-12126.json +++ b/2018/12xxx/CVE-2018-12126.json @@ -153,6 +153,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] }, diff --git a/2018/12xxx/CVE-2018-12127.json b/2018/12xxx/CVE-2018-12127.json index 4578da096b5..bb2dd36313e 100644 --- a/2018/12xxx/CVE-2018-12127.json +++ b/2018/12xxx/CVE-2018-12127.json @@ -153,6 +153,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] }, diff --git a/2018/12xxx/CVE-2018-12130.json b/2018/12xxx/CVE-2018-12130.json index 0c6bf01cc3f..44688fe0ac2 100644 --- a/2018/12xxx/CVE-2018-12130.json +++ b/2018/12xxx/CVE-2018-12130.json @@ -153,6 +153,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html", "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] }, diff --git a/2018/12xxx/CVE-2018-12204.json b/2018/12xxx/CVE-2018-12204.json index 6685e794871..a10b12db47b 100644 --- a/2018/12xxx/CVE-2018-12204.json +++ b/2018/12xxx/CVE-2018-12204.json @@ -72,6 +72,11 @@ "refsource": "CONFIRM", "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03929en_us" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us" } ] } diff --git a/2018/12xxx/CVE-2018-12207.json b/2018/12xxx/CVE-2018-12207.json index e1d14042832..e5f2580c716 100644 --- a/2018/12xxx/CVE-2018-12207.json +++ b/2018/12xxx/CVE-2018-12207.json @@ -98,6 +98,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0028", "url": "https://access.redhat.com/errata/RHSA-2020:0028" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] }, diff --git a/2018/12xxx/CVE-2018-12417.json b/2018/12xxx/CVE-2018-12417.json index ee19b6031c4..5d6dda4566b 100644 --- a/2018/12xxx/CVE-2018-12417.json +++ b/2018/12xxx/CVE-2018-12417.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-12417", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-12417", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2018/12xxx/CVE-2018-12476.json b/2018/12xxx/CVE-2018-12476.json index c49e3ca7e76..3a31799b83a 100644 --- a/2018/12xxx/CVE-2018-12476.json +++ b/2018/12xxx/CVE-2018-12476.json @@ -1,9 +1,61 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2018-12476", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "obs-service-extract_file's outfilename parameter allows to write files outside of package directory" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "obs-service-tar_scm", + "version_value": "0.9.2.1537788075.fefaa74:" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "obs-service-tar_scm", + "version_value": "0.9.2.1537788075.fefaa74" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +63,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-23: Relative Path Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1107944", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1107944" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1107944", + "defect": [ + "1107944" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13305.json b/2018/13xxx/CVE-2018-13305.json index 86d22b8eb31..a2c6b121eba 100644 --- a/2018/13xxx/CVE-2018-13305.json +++ b/2018/13xxx/CVE-2018-13305.json @@ -56,6 +56,11 @@ "name": "https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4", "refsource": "MISC", "url": "https://github.com/FFmpeg/FFmpeg/commit/d08d4a8c7387e758d439b0592782e4cfa2b4d6a4" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2018/13xxx/CVE-2018-13379.json b/2018/13xxx/CVE-2018-13379.json index 2a05c9186c2..4c824af5f7c 100644 --- a/2018/13xxx/CVE-2018-13379.json +++ b/2018/13xxx/CVE-2018-13379.json @@ -83,7 +83,7 @@ "description_data": [ { "lang": "eng", - "value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests." + "value": "An Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests." } ] } diff --git a/2018/13xxx/CVE-2018-13380.json b/2018/13xxx/CVE-2018-13380.json index da010726c0b..ee7fb9181d6 100644 --- a/2018/13xxx/CVE-2018-13380.json +++ b/2018/13xxx/CVE-2018-13380.json @@ -71,7 +71,7 @@ "description_data": [ { "lang": "eng", - "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters." + "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters." } ] } diff --git a/2018/13xxx/CVE-2018-13383.json b/2018/13xxx/CVE-2018-13383.json index 0d204691c6f..6b854e7ca24 100644 --- a/2018/13xxx/CVE-2018-13383.json +++ b/2018/13xxx/CVE-2018-13383.json @@ -70,7 +70,7 @@ "description_data": [ { "lang": "eng", - "value": "A heap buffer overflow in Fortinet FortiOS all versions below 6.0.5 in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages." + "value": "A heap buffer overflow in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.10, 5.4.0 to 5.4.12, 5.2.14 and below in the SSL VPN web portal may cause the SSL VPN web service termination for logged in users due to a failure to properly handle javascript href data when proxying webpages." } ] } diff --git a/2018/14xxx/CVE-2018-14461.json b/2018/14xxx/CVE-2018-14461.json index 9970171685e..6b614cfea6d 100644 --- a/2018/14xxx/CVE-2018-14461.json +++ b/2018/14xxx/CVE-2018-14461.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14462.json b/2018/14xxx/CVE-2018-14462.json index 26ee2e9c5b8..7c8386cc0f5 100644 --- a/2018/14xxx/CVE-2018-14462.json +++ b/2018/14xxx/CVE-2018-14462.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14463.json b/2018/14xxx/CVE-2018-14463.json index 2a26eda8b65..5145e0ca49c 100644 --- a/2018/14xxx/CVE-2018-14463.json +++ b/2018/14xxx/CVE-2018-14463.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14464.json b/2018/14xxx/CVE-2018-14464.json index f947c6f1221..0fb92c0657e 100644 --- a/2018/14xxx/CVE-2018-14464.json +++ b/2018/14xxx/CVE-2018-14464.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14465.json b/2018/14xxx/CVE-2018-14465.json index b58d6240f0e..27b2efe9110 100644 --- a/2018/14xxx/CVE-2018-14465.json +++ b/2018/14xxx/CVE-2018-14465.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14466.json b/2018/14xxx/CVE-2018-14466.json index dcb8d417d9c..482e782e680 100644 --- a/2018/14xxx/CVE-2018-14466.json +++ b/2018/14xxx/CVE-2018-14466.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14467.json b/2018/14xxx/CVE-2018-14467.json index bc745fc65d3..7ff95c30af6 100644 --- a/2018/14xxx/CVE-2018-14467.json +++ b/2018/14xxx/CVE-2018-14467.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14468.json b/2018/14xxx/CVE-2018-14468.json index 4e4940eb8ec..36e0ced091b 100644 --- a/2018/14xxx/CVE-2018-14468.json +++ b/2018/14xxx/CVE-2018-14468.json @@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14469.json b/2018/14xxx/CVE-2018-14469.json index f24d7e13e5b..3756bde8b28 100644 --- a/2018/14xxx/CVE-2018-14469.json +++ b/2018/14xxx/CVE-2018-14469.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14470.json b/2018/14xxx/CVE-2018-14470.json index f5c65fc675e..53864fc152d 100644 --- a/2018/14xxx/CVE-2018-14470.json +++ b/2018/14xxx/CVE-2018-14470.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14647.json b/2018/14xxx/CVE-2018-14647.json index 60ceabee39b..7027580556d 100644 --- a/2018/14xxx/CVE-2018-14647.json +++ b/2018/14xxx/CVE-2018-14647.json @@ -139,6 +139,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/14xxx/CVE-2018-14718.json b/2018/14xxx/CVE-2018-14718.json index 9131c81350f..4e2c0f209e5 100644 --- a/2018/14xxx/CVE-2018-14718.json +++ b/2018/14xxx/CVE-2018-14718.json @@ -206,6 +206,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4037", "url": "https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/14xxx/CVE-2018-14879.json b/2018/14xxx/CVE-2018-14879.json index 2df53d96950..03009e2c190 100644 --- a/2018/14xxx/CVE-2018-14879.json +++ b/2018/14xxx/CVE-2018-14879.json @@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14880.json b/2018/14xxx/CVE-2018-14880.json index 01324c2c240..42525f7c26a 100644 --- a/2018/14xxx/CVE-2018-14880.json +++ b/2018/14xxx/CVE-2018-14880.json @@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14881.json b/2018/14xxx/CVE-2018-14881.json index f3a71b8421b..a84ade04b82 100644 --- a/2018/14xxx/CVE-2018-14881.json +++ b/2018/14xxx/CVE-2018-14881.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/14xxx/CVE-2018-14882.json b/2018/14xxx/CVE-2018-14882.json index 6aec0690a46..d8894e306af 100644 --- a/2018/14xxx/CVE-2018-14882.json +++ b/2018/14xxx/CVE-2018-14882.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/15xxx/CVE-2018-15473.json b/2018/15xxx/CVE-2018-15473.json index 8a69e3b1cd9..16656865fe3 100644 --- a/2018/15xxx/CVE-2018-15473.json +++ b/2018/15xxx/CVE-2018-15473.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2143", "url": "https://access.redhat.com/errata/RHSA-2019:2143" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/15xxx/CVE-2018-15756.json b/2018/15xxx/CVE-2018-15756.json index a977123eaee..5fe188fa709 100644 --- a/2018/15xxx/CVE-2018-15756.json +++ b/2018/15xxx/CVE-2018-15756.json @@ -151,6 +151,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2018/15xxx/CVE-2018-15769.json b/2018/15xxx/CVE-2018-15769.json index cf1cc9a9c24..f980f4c70be 100644 --- a/2018/15xxx/CVE-2018-15769.json +++ b/2018/15xxx/CVE-2018-15769.json @@ -71,6 +71,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/16xxx/CVE-2018-16140.json b/2018/16xxx/CVE-2018-16140.json index ee655067588..056398e1253 100644 --- a/2018/16xxx/CVE-2018-16140.json +++ b/2018/16xxx/CVE-2018-16140.json @@ -61,6 +61,11 @@ "name": "USN-3760-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3760-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html" } ] } diff --git a/2018/16xxx/CVE-2018-16227.json b/2018/16xxx/CVE-2018-16227.json index fc065328e5b..f9070b836a7 100644 --- a/2018/16xxx/CVE-2018-16227.json +++ b/2018/16xxx/CVE-2018-16227.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16228.json b/2018/16xxx/CVE-2018-16228.json index ee46e81c760..f5582ee5645 100644 --- a/2018/16xxx/CVE-2018-16228.json +++ b/2018/16xxx/CVE-2018-16228.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16229.json b/2018/16xxx/CVE-2018-16229.json index 3b02c7086cd..9a3e2fdb5ea 100644 --- a/2018/16xxx/CVE-2018-16229.json +++ b/2018/16xxx/CVE-2018-16229.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16230.json b/2018/16xxx/CVE-2018-16230.json index 04326d51f97..8b108bfafdd 100644 --- a/2018/16xxx/CVE-2018-16230.json +++ b/2018/16xxx/CVE-2018-16230.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16262.json b/2018/16xxx/CVE-2018-16262.json index becac13452e..0271d338624 100644 --- a/2018/16xxx/CVE-2018-16262.json +++ b/2018/16xxx/CVE-2018-16262.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16262", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The pkgmgr system service in Tizen allows an unprivileged process to perform package management actions, due to improper D-Bus security policy configurations. Such actions include installing, decrypting, and killing other packages. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git;a=commit;h=aac8a95859828a058d8e06893982b11ebc81dd78", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/appfw/pkgmgr-server.git;a=commit;h=aac8a95859828a058d8e06893982b11ebc81dd78" + }, + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16263.json b/2018/16xxx/CVE-2018-16263.json index 4f0ef3d76d1..5bc02719404 100644 --- a/2018/16xxx/CVE-2018-16263.json +++ b/2018/16xxx/CVE-2018-16263.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16263", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The PulseAudio system service in Tizen allows an unprivileged process to control its A2DP MediaEndpoint, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git;a=commit;h=81e8ba9f3ab0917da4fdfa094f49333be57964c6", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/upstream/pulseaudio.git;a=commit;h=81e8ba9f3ab0917da4fdfa094f49333be57964c6" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16264.json b/2018/16xxx/CVE-2018-16264.json index 3702e967f06..8826382f310 100644 --- a/2018/16xxx/CVE-2018-16264.json +++ b/2018/16xxx/CVE-2018-16264.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16264", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/upstream/bluez.git;a=commit;h=ff9878c95efc12d4a4495153ab51e3a09f8d3c01", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/upstream/bluez.git;a=commit;h=ff9878c95efc12d4a4495153ab51e3a09f8d3c01" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16265.json b/2018/16xxx/CVE-2018-16265.json index 587de13e202..43bf3abee22 100644 --- a/2018/16xxx/CVE-2018-16265.json +++ b/2018/16xxx/CVE-2018-16265.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16265", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=074dfc9709d8cee84564fc815796b0ef0c3273f5", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=074dfc9709d8cee84564fc815796b0ef0c3273f5" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/connectivity/bluetooth-frwk.git;a=commit;h=bafbd66906ae5712874dc0d7dd6288d2c1ae4db2" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16266.json b/2018/16xxx/CVE-2018-16266.json index 7fdd27a0c45..a34be50d1a2 100644 --- a/2018/16xxx/CVE-2018-16266.json +++ b/2018/16xxx/CVE-2018-16266.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16266", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git;a=commit;h=8ff5c24d04f97b1c84b463535876600b22128fb4", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/upstream/enlightenment.git;a=commit;h=8ff5c24d04f97b1c84b463535876600b22128fb4" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16267.json b/2018/16xxx/CVE-2018-16267.json index 46437f0d44c..1069d337fa4 100644 --- a/2018/16xxx/CVE-2018-16267.json +++ b/2018/16xxx/CVE-2018-16267.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16267", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggering system poweroff menu, and prompting a popup with arbitrary strings. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git;a=commit;h=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/system/system-popup.git;a=commit;h=57b3c2f3cd61c6f432e7abe3a2d8b0df72fd4b0e" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16268.json b/2018/16xxx/CVE-2018-16268.json index 8f2bdb87d22..907bb80cece 100644 --- a/2018/16xxx/CVE-2018-16268.json +++ b/2018/16xxx/CVE-2018-16268.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16268", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The SoundServer/FocusServer system services in Tizen allow an unprivileged process to perform media-related system actions, due to improper D-Bus security policy configurations. Such actions include playing an arbitrary sound file or DTMF tones. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "url": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git;a=commit;h=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db", + "refsource": "MISC", + "name": "https://review.tizen.org/git/?p=platform/core/multimedia/libmm-sound.git;a=commit;h=7fce6f2d6d480b3bd0e84a5ba3f72173a37e36db" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16269.json b/2018/16xxx/CVE-2018-16269.json index 6b822e59a15..6c7a9764453 100644 --- a/2018/16xxx/CVE-2018-16269.json +++ b/2018/16xxx/CVE-2018-16269.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16269", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16270.json b/2018/16xxx/CVE-2018-16270.json index 33f8b99018c..18f029840ff 100644 --- a/2018/16xxx/CVE-2018-16270.json +++ b/2018/16xxx/CVE-2018-16270.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16270", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16271.json b/2018/16xxx/CVE-2018-16271.json index 842a75bf7e1..58695cee2ed 100644 --- a/2018/16xxx/CVE-2018-16271.json +++ b/2018/16xxx/CVE-2018-16271.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16271", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16272.json b/2018/16xxx/CVE-2018-16272.json index a2d15c01089..6aa4c44deef 100644 --- a/2018/16xxx/CVE-2018-16272.json +++ b/2018/16xxx/CVE-2018-16272.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-16272", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf", + "refsource": "MISC", + "name": "https://media.defcon.org/DEF%20CON%2026/DEF%20CON%2026%20presentations/Dongsung%20Kim%20and%20Hyoung%20Kee%20Choi%20-%20Updated/DEFCON-26-Dongsung-Kim-and-Hyoung-Kee-Choi-Your-Watch-Can-Watch-You-Updated.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be", + "url": "https://www.youtube.com/watch?v=3IdgBwbOT-g&feature=youtu.be" } ] } diff --git a/2018/16xxx/CVE-2018-16300.json b/2018/16xxx/CVE-2018-16300.json index b1ffd793bde..5e7172dd0fb 100644 --- a/2018/16xxx/CVE-2018-16300.json +++ b/2018/16xxx/CVE-2018-16300.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16395.json b/2018/16xxx/CVE-2018-16395.json index 4371d45988b..cc261a42daa 100644 --- a/2018/16xxx/CVE-2018-16395.json +++ b/2018/16xxx/CVE-2018-16395.json @@ -141,6 +141,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2565", "url": "https://access.redhat.com/errata/RHSA-2019:2565" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/16xxx/CVE-2018-16451.json b/2018/16xxx/CVE-2018-16451.json index e76432cf61a..fcd311c4c73 100644 --- a/2018/16xxx/CVE-2018-16451.json +++ b/2018/16xxx/CVE-2018-16451.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16452.json b/2018/16xxx/CVE-2018-16452.json index 536cf0b28a8..c9dd1af56e9 100644 --- a/2018/16xxx/CVE-2018-16452.json +++ b/2018/16xxx/CVE-2018-16452.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2018/16xxx/CVE-2018-16803.json b/2018/16xxx/CVE-2018-16803.json index 2c982ecf8c1..03ab98f17a1 100644 --- a/2018/16xxx/CVE-2018-16803.json +++ b/2018/16xxx/CVE-2018-16803.json @@ -61,6 +61,11 @@ "name": "https://twitter.com/DC3VDP/status/1083359509995753473", "refsource": "MISC", "url": "https://twitter.com/DC3VDP/status/1083359509995753473" + }, + { + "refsource": "MISC", + "name": "https://www.websec.nl/news.php", + "url": "https://www.websec.nl/news.php" } ] } diff --git a/2018/17xxx/CVE-2018-17189.json b/2018/17xxx/CVE-2018-17189.json index 6a58f66aad8..0ef3d1eec8a 100644 --- a/2018/17xxx/CVE-2018-17189.json +++ b/2018/17xxx/CVE-2018-17189.json @@ -147,6 +147,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/17xxx/CVE-2018-17196.json b/2018/17xxx/CVE-2018-17196.json index fb7111e47b1..bce84bca733 100644 --- a/2018/17xxx/CVE-2018-17196.json +++ b/2018/17xxx/CVE-2018-17196.json @@ -73,6 +73,11 @@ "refsource": "MLIST", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)", + "url": "https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E" } ] }, diff --git a/2018/17xxx/CVE-2018-17358.json b/2018/17xxx/CVE-2018-17358.json index c3b2c83647c..3f15d776cc7 100644 --- a/2018/17xxx/CVE-2018-17358.json +++ b/2018/17xxx/CVE-2018-17358.json @@ -66,6 +66,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2432", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00008.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", + "url": "https://seclists.org/bugtraq/2020/Jan/25" } ] } diff --git a/2018/17xxx/CVE-2018-17942.json b/2018/17xxx/CVE-2018-17942.json index 40ce4a491ed..e052ae6afae 100644 --- a/2018/17xxx/CVE-2018-17942.json +++ b/2018/17xxx/CVE-2018-17942.json @@ -66,6 +66,16 @@ "name": "https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html", "refsource": "MISC", "url": "https://lists.gnu.org/archive/html/bug-gnulib/2018-09/msg00107.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-acac61cfd0", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5UQRNQE6XHMD5UYYHAU3VQWAYHIPMQS/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-663f619e9c", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGHTVYH3KAFN34QXNSGEQDSTV7MCOQW/" } ] } diff --git a/2018/17xxx/CVE-2018-17981.json b/2018/17xxx/CVE-2018-17981.json index 8f3d169dd9e..89773565487 100644 --- a/2018/17xxx/CVE-2018-17981.json +++ b/2018/17xxx/CVE-2018-17981.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-17981", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Lifesize Express ls ex2_4.7.10 2000 (14) devices allow XSS via the interface/interface.php brand parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/lifesize-devices-allow-xss-via.html", + "url": "https://sku11army.blogspot.com/2020/01/lifesize-devices-allow-xss-via.html" } ] } diff --git a/2018/18xxx/CVE-2018-18035.json b/2018/18xxx/CVE-2018-18035.json index 8e1cab83c28..4052285d306 100644 --- a/2018/18xxx/CVE-2018-18035.json +++ b/2018/18xxx/CVE-2018-18035.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches", "url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches" + }, + { + "refsource": "MISC", + "name": "https://www.purplemet.com/blog/openemr-xss-vulnerability", + "url": "https://www.purplemet.com/blog/openemr-xss-vulnerability" } ] } diff --git a/2018/18xxx/CVE-2018-18246.json b/2018/18xxx/CVE-2018-18246.json index 738d7e3d74e..e80d4eb5ce7 100644 --- a/2018/18xxx/CVE-2018-18246.json +++ b/2018/18xxx/CVE-2018-18246.json @@ -56,6 +56,11 @@ "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt", "refsource": "MISC", "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180027.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0067", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html" } ] } diff --git a/2018/18xxx/CVE-2018-18247.json b/2018/18xxx/CVE-2018-18247.json index f16e86c14a9..1955df29ad3 100644 --- a/2018/18xxx/CVE-2018-18247.json +++ b/2018/18xxx/CVE-2018-18247.json @@ -56,6 +56,11 @@ "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt", "refsource": "MISC", "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180029.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0067", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html" } ] } diff --git a/2018/18xxx/CVE-2018-18248.json b/2018/18xxx/CVE-2018-18248.json index fcaea44e7b8..3011f2855c3 100644 --- a/2018/18xxx/CVE-2018-18248.json +++ b/2018/18xxx/CVE-2018-18248.json @@ -56,6 +56,11 @@ "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt", "refsource": "MISC", "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180028.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0067", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html" } ] } diff --git a/2018/18xxx/CVE-2018-18249.json b/2018/18xxx/CVE-2018-18249.json index 8b0fc20e3c0..d84db96d41e 100644 --- a/2018/18xxx/CVE-2018-18249.json +++ b/2018/18xxx/CVE-2018-18249.json @@ -56,6 +56,11 @@ "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt", "refsource": "MISC", "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0067", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html" } ] } diff --git a/2018/18xxx/CVE-2018-18250.json b/2018/18xxx/CVE-2018-18250.json index b7558e17c00..3950792bb58 100644 --- a/2018/18xxx/CVE-2018-18250.json +++ b/2018/18xxx/CVE-2018-18250.json @@ -56,6 +56,11 @@ "name": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt", "refsource": "MISC", "url": "https://herolab.usd.de/wp-content/uploads/sites/4/2018/12/usd20180030.txt" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0067", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00031.html" } ] } diff --git a/2018/18xxx/CVE-2018-18281.json b/2018/18xxx/CVE-2018-18281.json index 532e42e5adb..65e05374f1c 100644 --- a/2018/18xxx/CVE-2018-18281.json +++ b/2018/18xxx/CVE-2018-18281.json @@ -171,6 +171,21 @@ "refsource": "REDHAT", "name": "RHSA-2020:0036", "url": "https://access.redhat.com/errata/RHSA-2020:0036" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0100", + "url": "https://access.redhat.com/errata/RHSA-2020:0100" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0179", + "url": "https://access.redhat.com/errata/RHSA-2020:0179" } ] } diff --git a/2018/18xxx/CVE-2018-18559.json b/2018/18xxx/CVE-2018-18559.json index 96d54612e39..90f6f7b2867 100644 --- a/2018/18xxx/CVE-2018-18559.json +++ b/2018/18xxx/CVE-2018-18559.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4159", "url": "https://access.redhat.com/errata/RHSA-2019:4159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2018/18xxx/CVE-2018-18811.json b/2018/18xxx/CVE-2018-18811.json index 1316485b592..70ea1360036 100644 --- a/2018/18xxx/CVE-2018-18811.json +++ b/2018/18xxx/CVE-2018-18811.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-18811", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-18811", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." } ] } diff --git a/2018/19xxx/CVE-2018-19360.json b/2018/19xxx/CVE-2018-19360.json index 88a12bd84cd..3dfdd6c1481 100644 --- a/2018/19xxx/CVE-2018-19360.json +++ b/2018/19xxx/CVE-2018-19360.json @@ -216,6 +216,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4037", "url": "https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/19xxx/CVE-2018-19361.json b/2018/19xxx/CVE-2018-19361.json index 9f99db55197..73685b06891 100644 --- a/2018/19xxx/CVE-2018-19361.json +++ b/2018/19xxx/CVE-2018-19361.json @@ -216,6 +216,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4037", "url": "https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/19xxx/CVE-2018-19362.json b/2018/19xxx/CVE-2018-19362.json index 87e070ba0f1..05a7483a9f8 100644 --- a/2018/19xxx/CVE-2018-19362.json +++ b/2018/19xxx/CVE-2018-19362.json @@ -216,6 +216,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:4037", "url": "https://access.redhat.com/errata/RHSA-2019:4037" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/19xxx/CVE-2018-19441.json b/2018/19xxx/CVE-2018-19441.json index c7e06b07f99..dc7f2788f2d 100644 --- a/2018/19xxx/CVE-2018-19441.json +++ b/2018/19xxx/CVE-2018-19441.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19441", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateRobotPassword function of the NeatoCrypto library generates insufficiently random numbers for robot secret_key values used for local and cloud authentication/authorization. If an attacker knows the serial number and is able to estimate the time of first provisioning of a robot, he is able to brute force the generated secret_key of the robot. This is because the entropy of the secret_key exclusively relies on these two values, due to not seeding the random generator and using several constant inputs for secret_key computation. Serial numbers are printed on the packaging and equal the MAC address of the robot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=k5nj7Jhwn9c", + "url": "https://www.youtube.com/watch?v=k5nj7Jhwn9c" + }, + { + "refsource": "MISC", + "name": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf", + "url": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf" } ] } diff --git a/2018/19xxx/CVE-2018-19442.json b/2018/19xxx/CVE-2018-19442.json index ed19ea60a9c..7f5169fefc2 100644 --- a/2018/19xxx/CVE-2018-19442.json +++ b/2018/19xxx/CVE-2018-19442.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779", "url": "https://media.ccc.de/v/eh19-157-smart-vacuum-cleaners-as-remote-wiretapping-devices#t=1779" + }, + { + "refsource": "MISC", + "name": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf", + "url": "https://www.usenix.org/system/files/woot19-paper_ullrich.pdf" } ] } diff --git a/2018/19xxx/CVE-2018-19840.json b/2018/19xxx/CVE-2018-19840.json index a74b676c08b..dcea1123d2e 100644 --- a/2018/19xxx/CVE-2018-19840.json +++ b/2018/19xxx/CVE-2018-19840.json @@ -96,6 +96,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/19xxx/CVE-2018-19841.json b/2018/19xxx/CVE-2018-19841.json index e7e19862ea5..8532e9f5581 100644 --- a/2018/19xxx/CVE-2018-19841.json +++ b/2018/19xxx/CVE-2018-19841.json @@ -96,6 +96,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html", "url": "http://packetstormsecurity.com/files/155743/Slackware-Security-Advisory-wavpack-Updates.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2018/1xxx/CVE-2018-1060.json b/2018/1xxx/CVE-2018-1060.json index a2bb5891124..3bd6300c56c 100644 --- a/2018/1xxx/CVE-2018-1060.json +++ b/2018/1xxx/CVE-2018-1060.json @@ -43,7 +43,7 @@ "description_data": [ { "lang": "eng", - "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service." + "value": "python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service." } ] }, @@ -170,6 +170,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/1xxx/CVE-2018-1061.json b/2018/1xxx/CVE-2018-1061.json index 5419482626e..40a3bd50ebb 100644 --- a/2018/1xxx/CVE-2018-1061.json +++ b/2018/1xxx/CVE-2018-1061.json @@ -170,6 +170,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/1xxx/CVE-2018-1088.json b/2018/1xxx/CVE-2018-1088.json index 9958c60e010..be487188fcd 100644 --- a/2018/1xxx/CVE-2018-1088.json +++ b/2018/1xxx/CVE-2018-1088.json @@ -82,6 +82,11 @@ "refsource": "GENTOO", "name": "GLSA-201904-06", "url": "https://security.gentoo.org/glsa/201904-06" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/1xxx/CVE-2018-1112.json b/2018/1xxx/CVE-2018-1112.json index 54c7d74a0cb..61dee02a19e 100644 --- a/2018/1xxx/CVE-2018-1112.json +++ b/2018/1xxx/CVE-2018-1112.json @@ -89,6 +89,11 @@ "name": "RHSA-2018:1269", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1269" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0079", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" } ] } diff --git a/2018/1xxx/CVE-2018-1257.json b/2018/1xxx/CVE-2018-1257.json index fdd798ad4ea..ae52e2a6422 100644 --- a/2018/1xxx/CVE-2018-1257.json +++ b/2018/1xxx/CVE-2018-1257.json @@ -92,6 +92,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1258.json b/2018/1xxx/CVE-2018-1258.json index f3a282fc06a..a63b7a6d44b 100644 --- a/2018/1xxx/CVE-2018-1258.json +++ b/2018/1xxx/CVE-2018-1258.json @@ -108,6 +108,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2413", "url": "https://access.redhat.com/errata/RHSA-2019:2413" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/1xxx/CVE-2018-1311.json b/2018/1xxx/CVE-2018-1311.json index 3ba055ea2b2..86c65976dd7 100644 --- a/2018/1xxx/CVE-2018-1311.json +++ b/2018/1xxx/CVE-2018-1311.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2", "url": "https://marc.info/?l=xerces-c-users&m=157653840106914&w=2" + }, + { + "refsource": "MLIST", + "name": "[xerces-c-dev] 20200110 [xerces-c] 06/13: Add CVE-2018-1311 advisory and web site note.", + "url": "https://lists.apache.org/thread.html/r48ea463fde218b1e4cc1a1d05770a0cea34de0600b4355315a49226b@%3Cc-dev.xerces.apache.org%3E" } ] }, diff --git a/2018/1xxx/CVE-2018-1351.json b/2018/1xxx/CVE-2018-1351.json index 93cf1ac38eb..ab863d09a11 100644 --- a/2018/1xxx/CVE-2018-1351.json +++ b/2018/1xxx/CVE-2018-1351.json @@ -35,7 +35,7 @@ "description_data": [ { "lang": "eng", - "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0 and below versions allows attacker to execute HTML/javascript code via managed remote devices' CLI commands by viewing the remote device CLI config installation log." + "value": "A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.6 and below versions allows attacker to execute HTML/javascript code via managed remote devices CLI commands by viewing the remote device CLI config installation log." } ] }, diff --git a/2018/20xxx/CVE-2018-20105.json b/2018/20xxx/CVE-2018-20105.json index 28a219fdba9..452d843ed7d 100644 --- a/2018/20xxx/CVE-2018-20105.json +++ b/2018/20xxx/CVE-2018-20105.json @@ -1,9 +1,61 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-27T00:00:00.000Z", "ID": "CVE-2018-20105", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "yast2-rmt exposes CA private key passhrase in log-file" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "yast2-rmt", + "version_value": "1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Leap", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "yast2-rmt", + "version_value": "1.2.2" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Fabian Schilling of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +63,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Inclusion of Sensitive Information in Log Files vulnerability in yast2-rmt of SUSE Linux Enterprise Server 15; openSUSE Leap allows local attackers to learn the password if they can access the log file. This issue affects: SUSE Linux Enterprise Server 15 yast2-rmt versions prior to 1.2.2. openSUSE Leap yast2-rmt versions prior to 1.2.2." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Inclusion of Sensitive Information in Log Files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1119835", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1119835" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1119835", + "defect": [ + "1119835" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20406.json b/2018/20xxx/CVE-2018-20406.json index b81d872c062..9dfc2cf16a7 100644 --- a/2018/20xxx/CVE-2018-20406.json +++ b/2018/20xxx/CVE-2018-20406.json @@ -116,6 +116,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/20xxx/CVE-2018-20676.json b/2018/20xxx/CVE-2018-20676.json index 05d085ec15d..47cd30ecb7d 100644 --- a/2018/20xxx/CVE-2018-20676.json +++ b/2018/20xxx/CVE-2018-20676.json @@ -96,6 +96,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3023", "url": "https://access.redhat.com/errata/RHSA-2019:3023" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0132", + "url": "https://access.redhat.com/errata/RHSA-2020:0132" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0133", + "url": "https://access.redhat.com/errata/RHSA-2020:0133" } ] } diff --git a/2018/20xxx/CVE-2018-20677.json b/2018/20xxx/CVE-2018-20677.json index f17331a1b89..febe2f56453 100644 --- a/2018/20xxx/CVE-2018-20677.json +++ b/2018/20xxx/CVE-2018-20677.json @@ -101,6 +101,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3023", "url": "https://access.redhat.com/errata/RHSA-2019:3023" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0132", + "url": "https://access.redhat.com/errata/RHSA-2020:0132" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0133", + "url": "https://access.redhat.com/errata/RHSA-2020:0133" } ] } diff --git a/2018/20xxx/CVE-2018-20684.json b/2018/20xxx/CVE-2018-20684.json index 65272d33daa..33c88ea1a1f 100644 --- a/2018/20xxx/CVE-2018-20684.json +++ b/2018/20xxx/CVE-2018-20684.json @@ -76,6 +76,11 @@ "name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt", "refsource": "MISC", "url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/20xxx/CVE-2018-20852.json b/2018/20xxx/CVE-2018-20852.json index 551ff861c8f..94b3503f277 100644 --- a/2018/20xxx/CVE-2018-20852.json +++ b/2018/20xxx/CVE-2018-20852.json @@ -116,6 +116,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3948", "url": "https://access.redhat.com/errata/RHSA-2019:3948" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2018/20xxx/CVE-2018-20856.json b/2018/20xxx/CVE-2018-20856.json index 36829ac0735..7d5bdde5ca5 100644 --- a/2018/20xxx/CVE-2018-20856.json +++ b/2018/20xxx/CVE-2018-20856.json @@ -146,6 +146,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3217", "url": "https://access.redhat.com/errata/RHSA-2019:3217" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0100", + "url": "https://access.redhat.com/errata/RHSA-2020:0100" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" } ] } diff --git a/2018/20xxx/CVE-2018-20976.json b/2018/20xxx/CVE-2018-20976.json index 91d29ae32ca..dc6712850c4 100644 --- a/2018/20xxx/CVE-2018-20976.json +++ b/2018/20xxx/CVE-2018-20976.json @@ -106,6 +106,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0178", + "url": "https://access.redhat.com/errata/RHSA-2020:0178" } ] } diff --git a/2018/21xxx/CVE-2018-21015.json b/2018/21xxx/CVE-2018-21015.json index 89b9aadfcec..948c9794296 100644 --- a/2018/21xxx/CVE-2018-21015.json +++ b/2018/21xxx/CVE-2018-21015.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1179", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1179" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2018/21xxx/CVE-2018-21016.json b/2018/21xxx/CVE-2018-21016.json index 605952c733b..2298dbb1013 100644 --- a/2018/21xxx/CVE-2018-21016.json +++ b/2018/21xxx/CVE-2018-21016.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1180", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1180" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2018/3xxx/CVE-2018-3693.json b/2018/3xxx/CVE-2018-3693.json index 2fa762e03f8..c38b198ea55 100644 --- a/2018/3xxx/CVE-2018-3693.json +++ b/2018/3xxx/CVE-2018-3693.json @@ -91,6 +91,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1946", "url": "https://access.redhat.com/errata/RHSA-2019:1946" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2018/3xxx/CVE-2018-3977.json b/2018/3xxx/CVE-2018-3977.json index 62ca82c2575..8a50ad56517 100644 --- a/2018/3xxx/CVE-2018-3977.json +++ b/2018/3xxx/CVE-2018-3977.json @@ -72,6 +72,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190727 [SECURITY] [DLA 1865-1] sdl-image1.2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00026.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2018/4xxx/CVE-2018-4833.json b/2018/4xxx/CVE-2018-4833.json index 597674f436b..8bbf0c680e5 100644 --- a/2018/4xxx/CVE-2018-4833.json +++ b/2018/4xxx/CVE-2018-4833.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -35,7 +35,7 @@ } }, { - "product_name": "SCALANCE X-200", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -45,7 +45,7 @@ } }, { - "product_name": "SCALANCE X-200IRT", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -55,7 +55,7 @@ } }, { - "product_name": "SCALANCE X-200RNA", + "product_name": "SCALANCE X-200RNA switch family", "version": { "version_data": [ { @@ -65,11 +65,11 @@ } }, { - "product_name": "SCALANCE X-300", + "product_name": "SCALANCE X-300 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.1.3" } ] } @@ -79,7 +79,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.1.3" } ] } @@ -122,6 +122,14 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request." + } + ] + }, "references": { "reference_data": [ { @@ -130,13 +138,5 @@ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-181018.pdf" } ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in RFID 181-EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200IRT (All versions < V5.4.1), SCALANCE X-200RNA (All versions < V3.2.6), SCALANCE X-300 (All versions), SCALANCE X408 (All versions), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client\u2019s DHCP request." - } - ] } } \ No newline at end of file diff --git a/2018/4xxx/CVE-2018-4842.json b/2018/4xxx/CVE-2018-4842.json index c47d6321638..fb22ee1a952 100644 --- a/2018/4xxx/CVE-2018-4842.json +++ b/2018/4xxx/CVE-2018-4842.json @@ -1,47 +1,45 @@ { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", - "DATE_PUBLIC": "2018-06-12T00:00:00", "ID": "CVE-2018-4842", "STATE": "PUBLIC" }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Siemens AG", "product": { "product_data": [ { - "product_name": "SCALANCE X-200 IRT, SCALANCE X300", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "SCALANCE X-200 IRT : All versions < V5.4.1" - }, + "version_value": "All versions < V5.4.1" + } + ] + } + }, + { + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", + "version": { + "version_data": [ { - "version_value": "SCALANCE X300 : All versions" + "version_value": "All versions < V4.1.3" } ] } } ] - }, - "vendor_name": "Siemens AG" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site." - } - ] - }, "problemtype": { "problemtype_data": [ { @@ -54,17 +52,25 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). A remote, authenticated attacker with access to the configuration web server could be able to store script code on the web site, if the HRP redundancy option is set. This code could be executed in the web browser of victims visiting this web site (XSS), affecting its confidentiality, integrity and availability. User interaction is required for successful exploitation, as the user needs to visit the manipulated web site. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it." + } + ] + }, "references": { "reference_data": [ { - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf", - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf" }, { - "name": "104494", "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104494" + "name": "104494", + "url": "https://www.securityfocus.com/bid/104494" } ] } diff --git a/2018/4xxx/CVE-2018-4848.json b/2018/4xxx/CVE-2018-4848.json index 68fc6280a3c..51bf82ca119 100644 --- a/2018/4xxx/CVE-2018-4848.json +++ b/2018/4xxx/CVE-2018-4848.json @@ -1,50 +1,55 @@ { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", - "DATE_PUBLIC": "2018-06-12T00:00:00", "ID": "CVE-2018-4848", "STATE": "PUBLIC" }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ { + "vendor_name": "Siemens AG", "product": { "product_data": [ { - "product_name": "SCALANCE X-200, SCALANCE X-200 IRT, SCALANCE X300", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "SCALANCE X-200 : All versions < V5.2.3" - }, + "version_value": "All versions < V5.2.3" + } + ] + } + }, + { + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", + "version": { + "version_data": [ { - "version_value": "SCALANCE X-200 IRT : All versions < V5.4.1" - }, + "version_value": "All versions < V5.4.1" + } + ] + } + }, + { + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", + "version": { + "version_data": [ { - "version_value": "SCALANCE X300 : All versions" + "version_value": "All versions < V4.1.3" } ] } } ] - }, - "vendor_name": "Siemens AG" + } } ] } }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 (All versions < V5.2.3), SCALANCE X-200 IRT (All versions < V5.4.1), SCALANCE X300 (All versions). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it." - } - ] - }, "problemtype": { "problemtype_data": [ { @@ -57,17 +62,25 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). The integrated configuration web server of the affected Scalance X Switches could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user must be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory no public exploitation is known. The vendor has confirmed the vulnerability and provides mitigations to resolve it." + } + ] + }, "references": { "reference_data": [ { - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf", - "refsource": "CONFIRM", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf" + "refsource": "BID", + "name": "104494", + "url": "http://www.securityfocus.com/bid/104494" }, { - "name": "104494", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/104494" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480829.pdf" } ] } diff --git a/2018/5xxx/CVE-2018-5333.json b/2018/5xxx/CVE-2018-5333.json index b950ad4ab44..7fa4ad8ce9c 100644 --- a/2018/5xxx/CVE-2018-5333.json +++ b/2018/5xxx/CVE-2018-5333.json @@ -121,6 +121,11 @@ "name": "USN-3619-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3619-1/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html" } ] } diff --git a/2018/5xxx/CVE-2018-5391.json b/2018/5xxx/CVE-2018-5391.json index 012c524e5cc..694fc020dcd 100644 --- a/2018/5xxx/CVE-2018-5391.json +++ b/2018/5xxx/CVE-2018-5391.json @@ -225,6 +225,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K74374841?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en" } ] }, diff --git a/2018/5xxx/CVE-2018-5407.json b/2018/5xxx/CVE-2018-5407.json index 73825b67eb1..ac3edca31b3 100644 --- a/2018/5xxx/CVE-2018-5407.json +++ b/2018/5xxx/CVE-2018-5407.json @@ -181,6 +181,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3932", "url": "https://access.redhat.com/errata/RHSA-2019:3932" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/6xxx/CVE-2018-6829.json b/2018/6xxx/CVE-2018-6829.json index 49e39b3c7e3..a0cf9a3edd6 100644 --- a/2018/6xxx/CVE-2018-6829.json +++ b/2018/6xxx/CVE-2018-6829.json @@ -66,6 +66,11 @@ "name": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal", "refsource": "MISC", "url": "https://github.com/weikengchen/attack-on-libgcrypt-elgamal" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8012.json b/2018/8xxx/CVE-2018-8012.json index 97f9e5c0699..27da4f875f6 100644 --- a/2018/8xxx/CVE-2018-8012.json +++ b/2018/8xxx/CVE-2018-8012.json @@ -82,6 +82,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8032.json b/2018/8xxx/CVE-2018-8032.json index ca3b59b75fc..c4d4080fdaf 100644 --- a/2018/8xxx/CVE-2018-8032.json +++ b/2018/8xxx/CVE-2018-8032.json @@ -77,6 +77,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2018/8xxx/CVE-2018-8038.json b/2018/8xxx/CVE-2018-8038.json index dd8c767eefc..9abbe27c1a1 100644 --- a/2018/8xxx/CVE-2018-8038.json +++ b/2018/8xxx/CVE-2018-8038.json @@ -72,6 +72,11 @@ "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc", "refsource": "CONFIRM", "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8039.json b/2018/8xxx/CVE-2018-8039.json index c8bee967390..4c642df4304 100644 --- a/2018/8xxx/CVE-2018-8039.json +++ b/2018/8xxx/CVE-2018-8039.json @@ -135,6 +135,16 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] } diff --git a/2018/8xxx/CVE-2018-8413.json b/2018/8xxx/CVE-2018-8413.json index c9cd60f7db5..7df3ef16782 100644 --- a/2018/8xxx/CVE-2018-8413.json +++ b/2018/8xxx/CVE-2018-8413.json @@ -204,6 +204,11 @@ "name": "105448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105448" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html", + "url": "http://packetstormsecurity.com/files/156027/Microsoft-Windows-Theme-API-File-Parsing.html" } ] } diff --git a/2018/8xxx/CVE-2018-8654.json b/2018/8xxx/CVE-2018-8654.json index 6679fd05055..9353b23e7ef 100644 --- a/2018/8xxx/CVE-2018-8654.json +++ b/2018/8xxx/CVE-2018-8654.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2018-8654", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2018-8654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Dynamics 365 (on-premises) version 8", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An elevation of privilege vulnerability exists in Microsoft Dynamics 365 Server, aka 'Microsoft Dynamics 365 Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8654", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8654" } ] } diff --git a/2018/8xxx/CVE-2018-8828.json b/2018/8xxx/CVE-2018-8828.json index d9a7fcee575..27b7f90f25d 100644 --- a/2018/8xxx/CVE-2018-8828.json +++ b/2018/8xxx/CVE-2018-8828.json @@ -66,6 +66,11 @@ "name": "DSA-4148", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4148" + }, + { + "refsource": "UBUNTU", + "name": "USN-4240-1", + "url": "https://usn.ubuntu.com/4240-1/" } ] } diff --git a/2018/9xxx/CVE-2018-9018.json b/2018/9xxx/CVE-2018-9018.json index a4dd5186820..ee6ae201407 100644 --- a/2018/9xxx/CVE-2018-9018.json +++ b/2018/9xxx/CVE-2018-9018.json @@ -76,6 +76,16 @@ "name": "103526", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103526" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-f12cb1ddab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-210b0a6e4f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/" } ] } diff --git a/2019/0xxx/CVE-2019-0086.json b/2019/0xxx/CVE-2019-0086.json index 66f6d92228e..9c84675e6c1 100644 --- a/2019/0xxx/CVE-2019-0086.json +++ b/2019/0xxx/CVE-2019-0086.json @@ -53,6 +53,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K35815741", "url": "https://support.f5.com/csp/article/K35815741" + }, + { + "refsource": "MISC", + "name": "https://danishcyberdefence.dk/blog/dal", + "url": "https://danishcyberdefence.dk/blog/dal" } ] }, diff --git a/2019/0xxx/CVE-2019-0141.json b/2019/0xxx/CVE-2019-0141.json index e361d2aafe8..353f9106aaa 100644 --- a/2019/0xxx/CVE-2019-0141.json +++ b/2019/0xxx/CVE-2019-0141.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0141", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0141", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0192.json b/2019/0xxx/CVE-2019-0192.json index f47148313a8..ad89e7b605f 100644 --- a/2019/0xxx/CVE-2019-0192.json +++ b/2019/0xxx/CVE-2019-0192.json @@ -107,6 +107,11 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/0xxx/CVE-2019-0193.json b/2019/0xxx/CVE-2019-0193.json index 35aaa7d023f..2187cf1a2b9 100644 --- a/2019/0xxx/CVE-2019-0193.json +++ b/2019/0xxx/CVE-2019-0193.json @@ -98,6 +98,11 @@ "refsource": "MLIST", "name": "[lucene-issues] 20191130 [jira] [Closed] (SOLR-13669) [CVE-2019-0193] Remote Code Execution via DataImportHandler", "url": "https://lists.apache.org/thread.html/9b0e7a7e3e18d0724f511403b364fc082ff56e3134d84cfece1c82fc@%3Cissues.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0195.json b/2019/0xxx/CVE-2019-0195.json index 913610e927e..9abf7dea9c2 100644 --- a/2019/0xxx/CVE-2019-0195.json +++ b/2019/0xxx/CVE-2019-0195.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[tapestry-users] 20191014 Re: [CVE-2019-0195] Apache Tapestry vulnerability disclosure", "url": "https://lists.apache.org/thread.html/6c40c1e03d2131119f9b77882431a0050f02bf9cae9ee48b84d012df@%3Cusers.tapestry.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html", + "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0199.json b/2019/0xxx/CVE-2019-0199.json index 93cedd7b58b..fe3ff5108f5 100644 --- a/2019/0xxx/CVE-2019-0199.json +++ b/2019/0xxx/CVE-2019-0199.json @@ -188,6 +188,11 @@ "refsource": "BUGTRAQ", "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", "url": "https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/0xxx/CVE-2019-0205.json b/2019/0xxx/CVE-2019-0205.json index 991095b4142..a0bcd0fb5d0 100644 --- a/2019/0xxx/CVE-2019-0205.json +++ b/2019/0xxx/CVE-2019-0205.json @@ -93,6 +93,41 @@ "refsource": "MLIST", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15420) CVE-2019-0205(Apache Thrift all versions up to and including 0.12.0) on version Cassendra 3.11.4", "url": "https://lists.apache.org/thread.html/003ac686189e6ce7b99267784d04bf60059a8c323eeda5a79a0309b8@%3Ccommits.cassandra.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hive-dev] 20200116 [jira] [Created] (HIVE-22738) CVE-2019-0205", + "url": "https://lists.apache.org/thread.html/r50bf84c60867574238d18cdad5da9f303b618114c35566a3a001ae08@%3Cdev.hive.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[hive-issues] 20200116 [jira] [Updated] (HIVE-22738) CVE-2019-0205", + "url": "https://lists.apache.org/thread.html/r73a3c8b80765e3d2430ff51f22b778d0c917919f01815b69ed16cf9d@%3Cissues.hive.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200124 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r0d08f5576286f4a042aabde13ecf58979644f6dc210f25aa9a4d469b@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200124 [jira] [Created] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/rf359e5cc6a185494fc0cfe837fe82f7db2ef49242d35cbf3895aebce@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200125 [jira] [Comment Edited] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r228ac842260c2c516af7b09f3cf4cf76e5b9c002e359954a203ab5a5@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200125 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r4633082b834eebccd0d322697651d931ab10ca9c51ee7ef18e1f60f4@%3Cdev.thrift.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[thrift-dev] 20200127 [jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version", + "url": "https://lists.apache.org/thread.html/r137753c9df8dd9065bea27a26af49aadc406b5a57fc584fefa008afd@%3Cdev.thrift.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0207.json b/2019/0xxx/CVE-2019-0207.json index 59168282c3c..accb9e38962 100644 --- a/2019/0xxx/CVE-2019-0207.json +++ b/2019/0xxx/CVE-2019-0207.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[tapestry-users] 20191007 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure", "url": "https://lists.apache.org/thread.html/bac8d6f9e1b4059b319d9cba6f33219a99b81623476ec896138f851c@%3Cusers.tapestry.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html", + "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E" } ] }, diff --git a/2019/0xxx/CVE-2019-0215.json b/2019/0xxx/CVE-2019-0215.json index 9215abd1bc3..088f2bd3ebc 100644 --- a/2019/0xxx/CVE-2019-0215.json +++ b/2019/0xxx/CVE-2019-0215.json @@ -131,6 +131,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/0xxx/CVE-2019-0219.json b/2019/0xxx/CVE-2019-0219.json index 03d12469e89..85c6b68f2b3 100644 --- a/2019/0xxx/CVE-2019-0219.json +++ b/2019/0xxx/CVE-2019-0219.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0219", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0219", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Cordova", + "version": { + "version_data": [ + { + "version_value": "Cordova Android applications using the InAppBrowser plugin ( cordova-plugin-inappbrowser version 3.0.0 and below )" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[oss-security] 20191127 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)", + "url": "http://www.openwall.com/lists/oss-security/2019/11/28/1" + }, + { + "refsource": "MLIST", + "name": "[cordova-dev] 20191128 CVE-2019-0219: Apache Cordova InAppBrowser Privilege Escalation (Android)", + "url": "https://lists.apache.org/thread.html/197482d5ab80c0bff4a5ec16e1b0466df38389d9a4b5331d777f14fc%40%3Cdev.cordova.apache.org%3E" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI." } ] } diff --git a/2019/0xxx/CVE-2019-0221.json b/2019/0xxx/CVE-2019-0221.json index bed0c3c5f03..b5f693fedbf 100644 --- a/2019/0xxx/CVE-2019-0221.json +++ b/2019/0xxx/CVE-2019-0221.json @@ -139,6 +139,11 @@ "refsource": "BUGTRAQ", "name": "20191229 [SECURITY] [DSA 4596-1] tomcat8 security update", "url": "https://seclists.org/bugtraq/2019/Dec/43" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/0xxx/CVE-2019-0227.json b/2019/0xxx/CVE-2019-0227.json index 08538c3a932..2aa18b7520b 100644 --- a/2019/0xxx/CVE-2019-0227.json +++ b/2019/0xxx/CVE-2019-0227.json @@ -53,6 +53,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/0xxx/CVE-2019-0232.json b/2019/0xxx/CVE-2019-0232.json index 3a88bc62490..97b58387763 100644 --- a/2019/0xxx/CVE-2019-0232.json +++ b/2019/0xxx/CVE-2019-0232.json @@ -164,6 +164,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/0xxx/CVE-2019-0542.json b/2019/0xxx/CVE-2019-0542.json index 7ec924d9acf..32adb8f0fc6 100644 --- a/2019/0xxx/CVE-2019-0542.json +++ b/2019/0xxx/CVE-2019-0542.json @@ -1,86 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "secure@microsoft.com", - "ID": "CVE-2019-0542", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "xterm.js", - "version": { - "version_data": [ - { - "version_value": "xterm.js" - } - ] - } - } - ] - }, - "vendor_name": "https://xtermjs.org/" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0542", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote Code Execution" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://github.com/xtermjs/xterm.js/releases", - "refsource": "MISC", - "url": "https://github.com/xtermjs/xterm.js/releases" - }, - { - "name": "106434", - "refsource": "BID", - "url": "http://www.securityfocus.com/bid/106434" - }, - { - "refsource": "REDHAT", - "name": "RHBA-2019:0959", - "url": "https://access.redhat.com/errata/RHBA-2019:0959" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2019:1422", - "url": "https://access.redhat.com/errata/RHSA-2019:1422" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2019:2552", - "url": "https://access.redhat.com/errata/RHSA-2019:2552" - }, - { - "refsource": "REDHAT", - "name": "RHSA-2019:2551", - "url": "https://access.redhat.com/errata/RHSA-2019:2551" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0544.json b/2019/0xxx/CVE-2019-0544.json index f58ec1a789a..f26d7688ac6 100644 --- a/2019/0xxx/CVE-2019-0544.json +++ b/2019/0xxx/CVE-2019-0544.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0544", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0544", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0563.json b/2019/0xxx/CVE-2019-0563.json index 08a270150a5..87de000aa31 100644 --- a/2019/0xxx/CVE-2019-0563.json +++ b/2019/0xxx/CVE-2019-0563.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0563", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0563", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0587.json b/2019/0xxx/CVE-2019-0587.json index ce6a70438a0..180cef0eda1 100644 --- a/2019/0xxx/CVE-2019-0587.json +++ b/2019/0xxx/CVE-2019-0587.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0587", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0587", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0589.json b/2019/0xxx/CVE-2019-0589.json index 5ab66ff1d70..426967ceedb 100644 --- a/2019/0xxx/CVE-2019-0589.json +++ b/2019/0xxx/CVE-2019-0589.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0589", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0589", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0629.json b/2019/0xxx/CVE-2019-0629.json index e1dcdbccb34..b9b9aaf70be 100644 --- a/2019/0xxx/CVE-2019-0629.json +++ b/2019/0xxx/CVE-2019-0629.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0629", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0629", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0638.json b/2019/0xxx/CVE-2019-0638.json index 92ed5438189..d48dfd1c799 100644 --- a/2019/0xxx/CVE-2019-0638.json +++ b/2019/0xxx/CVE-2019-0638.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0638", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0638", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0639.json b/2019/0xxx/CVE-2019-0639.json index 1d10c57ac8e..a346b6cca8c 100644 --- a/2019/0xxx/CVE-2019-0639.json +++ b/2019/0xxx/CVE-2019-0639.json @@ -84,6 +84,11 @@ "refsource": "CONFIRM", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0639" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-122/" } ] } diff --git a/2019/0xxx/CVE-2019-0653.json b/2019/0xxx/CVE-2019-0653.json index 0866788568e..342c150cc3a 100644 --- a/2019/0xxx/CVE-2019-0653.json +++ b/2019/0xxx/CVE-2019-0653.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0653", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0653", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0677.json b/2019/0xxx/CVE-2019-0677.json index e697b4aa8a8..85c1709f41d 100644 --- a/2019/0xxx/CVE-2019-0677.json +++ b/2019/0xxx/CVE-2019-0677.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0677", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0677", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0679.json b/2019/0xxx/CVE-2019-0679.json index 851e987aef8..bb46cc81aa9 100644 --- a/2019/0xxx/CVE-2019-0679.json +++ b/2019/0xxx/CVE-2019-0679.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0679", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0679", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0681.json b/2019/0xxx/CVE-2019-0681.json index 8e0d94393d9..d23255a1f7d 100644 --- a/2019/0xxx/CVE-2019-0681.json +++ b/2019/0xxx/CVE-2019-0681.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0681", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0681", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0684.json b/2019/0xxx/CVE-2019-0684.json index ade776a3ca0..0f213daf21a 100644 --- a/2019/0xxx/CVE-2019-0684.json +++ b/2019/0xxx/CVE-2019-0684.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0684", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0684", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0687.json b/2019/0xxx/CVE-2019-0687.json index 819d53aad1a..cb07f588a8d 100644 --- a/2019/0xxx/CVE-2019-0687.json +++ b/2019/0xxx/CVE-2019-0687.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0687", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0687", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0691.json b/2019/0xxx/CVE-2019-0691.json index c8cc83c0812..67898eb4216 100644 --- a/2019/0xxx/CVE-2019-0691.json +++ b/2019/0xxx/CVE-2019-0691.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0691", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0691", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0699.json b/2019/0xxx/CVE-2019-0699.json index 6fefc200c23..762c3d9674d 100644 --- a/2019/0xxx/CVE-2019-0699.json +++ b/2019/0xxx/CVE-2019-0699.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0699", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0699", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0700.json b/2019/0xxx/CVE-2019-0700.json index 05d51b114a4..63490fb9ffe 100644 --- a/2019/0xxx/CVE-2019-0700.json +++ b/2019/0xxx/CVE-2019-0700.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0700", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0700", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0705.json b/2019/0xxx/CVE-2019-0705.json index fec4dc5ec03..2c58b2906b5 100644 --- a/2019/0xxx/CVE-2019-0705.json +++ b/2019/0xxx/CVE-2019-0705.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0705", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0705", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0706.json b/2019/0xxx/CVE-2019-0706.json index b04d1c71eb6..e08e08c779c 100644 --- a/2019/0xxx/CVE-2019-0706.json +++ b/2019/0xxx/CVE-2019-0706.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0706", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0706", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0737.json b/2019/0xxx/CVE-2019-0737.json index 2cdd6a996b5..2717c8dad2c 100644 --- a/2019/0xxx/CVE-2019-0737.json +++ b/2019/0xxx/CVE-2019-0737.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0737", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0737", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0738.json b/2019/0xxx/CVE-2019-0738.json index af24c556915..e6471c5d562 100644 --- a/2019/0xxx/CVE-2019-0738.json +++ b/2019/0xxx/CVE-2019-0738.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0738", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0738", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0740.json b/2019/0xxx/CVE-2019-0740.json index 1e8580584b6..ee78ffd4871 100644 --- a/2019/0xxx/CVE-2019-0740.json +++ b/2019/0xxx/CVE-2019-0740.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0740", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0740", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0744.json b/2019/0xxx/CVE-2019-0744.json index 44ee74514b3..fe340e4085c 100644 --- a/2019/0xxx/CVE-2019-0744.json +++ b/2019/0xxx/CVE-2019-0744.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0744", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0744", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0745.json b/2019/0xxx/CVE-2019-0745.json index 3c551082c3e..7491afda740 100644 --- a/2019/0xxx/CVE-2019-0745.json +++ b/2019/0xxx/CVE-2019-0745.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0745", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0745", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0747.json b/2019/0xxx/CVE-2019-0747.json index d7a7d20c6de..879274fe726 100644 --- a/2019/0xxx/CVE-2019-0747.json +++ b/2019/0xxx/CVE-2019-0747.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0747", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0747", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0749.json b/2019/0xxx/CVE-2019-0749.json index 1929c4666d7..0b77f015707 100644 --- a/2019/0xxx/CVE-2019-0749.json +++ b/2019/0xxx/CVE-2019-0749.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0749", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0749", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0750.json b/2019/0xxx/CVE-2019-0750.json index e5be4c89326..ad2963af4c5 100644 --- a/2019/0xxx/CVE-2019-0750.json +++ b/2019/0xxx/CVE-2019-0750.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0750", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0750", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0751.json b/2019/0xxx/CVE-2019-0751.json index ab97fd4da02..21bbedd5250 100644 --- a/2019/0xxx/CVE-2019-0751.json +++ b/2019/0xxx/CVE-2019-0751.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0751", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0751", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0760.json b/2019/0xxx/CVE-2019-0760.json index a9d7ccc8036..2130e182b8a 100644 --- a/2019/0xxx/CVE-2019-0760.json +++ b/2019/0xxx/CVE-2019-0760.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0760", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0760", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0781.json b/2019/0xxx/CVE-2019-0781.json index 839ccef7377..935c2c790e4 100644 --- a/2019/0xxx/CVE-2019-0781.json +++ b/2019/0xxx/CVE-2019-0781.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0781", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0781", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0789.json b/2019/0xxx/CVE-2019-0789.json index fd6c0454480..e6bde539e78 100644 --- a/2019/0xxx/CVE-2019-0789.json +++ b/2019/0xxx/CVE-2019-0789.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0789", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0789", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0799.json b/2019/0xxx/CVE-2019-0799.json index 8a5d07447c6..125b0e6df6c 100644 --- a/2019/0xxx/CVE-2019-0799.json +++ b/2019/0xxx/CVE-2019-0799.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0799", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0799", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0800.json b/2019/0xxx/CVE-2019-0800.json index ae4a789a602..f4eaa5fe987 100644 --- a/2019/0xxx/CVE-2019-0800.json +++ b/2019/0xxx/CVE-2019-0800.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0800", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0800", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0807.json b/2019/0xxx/CVE-2019-0807.json index 3de3666f8dd..cb7c19c7b3e 100644 --- a/2019/0xxx/CVE-2019-0807.json +++ b/2019/0xxx/CVE-2019-0807.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0807", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0807", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0818.json b/2019/0xxx/CVE-2019-0818.json index b36f3d56bb4..2492b1abb9d 100644 --- a/2019/0xxx/CVE-2019-0818.json +++ b/2019/0xxx/CVE-2019-0818.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0818", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0818", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0832.json b/2019/0xxx/CVE-2019-0832.json index e55de492f19..c73820713a8 100644 --- a/2019/0xxx/CVE-2019-0832.json +++ b/2019/0xxx/CVE-2019-0832.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0832", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0832", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0834.json b/2019/0xxx/CVE-2019-0834.json index 381bfb4e6b5..f99144ea0aa 100644 --- a/2019/0xxx/CVE-2019-0834.json +++ b/2019/0xxx/CVE-2019-0834.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0834", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0834", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0843.json b/2019/0xxx/CVE-2019-0843.json index 8bd83760f8f..c90e5f19b96 100644 --- a/2019/0xxx/CVE-2019-0843.json +++ b/2019/0xxx/CVE-2019-0843.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0843", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0843", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0850.json b/2019/0xxx/CVE-2019-0850.json index 2a9cc95e694..f225842ee46 100644 --- a/2019/0xxx/CVE-2019-0850.json +++ b/2019/0xxx/CVE-2019-0850.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0850", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0850", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0852.json b/2019/0xxx/CVE-2019-0852.json index 57d796bfeaa..ac653bfd080 100644 --- a/2019/0xxx/CVE-2019-0852.json +++ b/2019/0xxx/CVE-2019-0852.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0852", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0852", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0854.json b/2019/0xxx/CVE-2019-0854.json index e80c25dc345..a0226cc601a 100644 --- a/2019/0xxx/CVE-2019-0854.json +++ b/2019/0xxx/CVE-2019-0854.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0854", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0854", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0855.json b/2019/0xxx/CVE-2019-0855.json index d0096942236..22e646500db 100644 --- a/2019/0xxx/CVE-2019-0855.json +++ b/2019/0xxx/CVE-2019-0855.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0855", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0855", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0873.json b/2019/0xxx/CVE-2019-0873.json index 13ff3298ba7..4ff0ac5d00e 100644 --- a/2019/0xxx/CVE-2019-0873.json +++ b/2019/0xxx/CVE-2019-0873.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0873", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0873", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0878.json b/2019/0xxx/CVE-2019-0878.json index 76e06b4bdd9..885765ca160 100644 --- a/2019/0xxx/CVE-2019-0878.json +++ b/2019/0xxx/CVE-2019-0878.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0878", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0878", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0883.json b/2019/0xxx/CVE-2019-0883.json index cb852ab7fa2..d5891f47cef 100644 --- a/2019/0xxx/CVE-2019-0883.json +++ b/2019/0xxx/CVE-2019-0883.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0883", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0883", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0910.json b/2019/0xxx/CVE-2019-0910.json index 062429de532..1568787c8a7 100644 --- a/2019/0xxx/CVE-2019-0910.json +++ b/2019/0xxx/CVE-2019-0910.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0910", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0910", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0919.json b/2019/0xxx/CVE-2019-0919.json index f5df7f419e6..a112856b113 100644 --- a/2019/0xxx/CVE-2019-0919.json +++ b/2019/0xxx/CVE-2019-0919.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0919", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0919", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0934.json b/2019/0xxx/CVE-2019-0934.json index b23510f1907..9ba7d4f7f10 100644 --- a/2019/0xxx/CVE-2019-0934.json +++ b/2019/0xxx/CVE-2019-0934.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0934", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0934", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0935.json b/2019/0xxx/CVE-2019-0935.json index 25078ea8e16..d89aa13a7e6 100644 --- a/2019/0xxx/CVE-2019-0935.json +++ b/2019/0xxx/CVE-2019-0935.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0935", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0935", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0939.json b/2019/0xxx/CVE-2019-0939.json index e7681237ab5..729b07bf86a 100644 --- a/2019/0xxx/CVE-2019-0939.json +++ b/2019/0xxx/CVE-2019-0939.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0939", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0939", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0944.json b/2019/0xxx/CVE-2019-0944.json index da19dab52f4..e540eb88df5 100644 --- a/2019/0xxx/CVE-2019-0944.json +++ b/2019/0xxx/CVE-2019-0944.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0944", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0944", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0954.json b/2019/0xxx/CVE-2019-0954.json index 765da0c10de..a97ce042069 100644 --- a/2019/0xxx/CVE-2019-0954.json +++ b/2019/0xxx/CVE-2019-0954.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0954", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0954", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0955.json b/2019/0xxx/CVE-2019-0955.json index a420b81da2f..dcfc2d70364 100644 --- a/2019/0xxx/CVE-2019-0955.json +++ b/2019/0xxx/CVE-2019-0955.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0955", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0955", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0964.json b/2019/0xxx/CVE-2019-0964.json index b979888d862..4c56d5da441 100644 --- a/2019/0xxx/CVE-2019-0964.json +++ b/2019/0xxx/CVE-2019-0964.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0964", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0964", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0967.json b/2019/0xxx/CVE-2019-0967.json index 83c6f3e3f58..c7d90de902e 100644 --- a/2019/0xxx/CVE-2019-0967.json +++ b/2019/0xxx/CVE-2019-0967.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0967", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0967", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0969.json b/2019/0xxx/CVE-2019-0969.json index a836b22297d..4ff1c20cfef 100644 --- a/2019/0xxx/CVE-2019-0969.json +++ b/2019/0xxx/CVE-2019-0969.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0969", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0969", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0970.json b/2019/0xxx/CVE-2019-0970.json index c025f86a649..cbabec26115 100644 --- a/2019/0xxx/CVE-2019-0970.json +++ b/2019/0xxx/CVE-2019-0970.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0970", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0970", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0978.json b/2019/0xxx/CVE-2019-0978.json index 5525df0b515..5a15fd2849a 100644 --- a/2019/0xxx/CVE-2019-0978.json +++ b/2019/0xxx/CVE-2019-0978.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0978", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0978", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0987.json b/2019/0xxx/CVE-2019-0987.json index 296551c8449..571548f78a3 100644 --- a/2019/0xxx/CVE-2019-0987.json +++ b/2019/0xxx/CVE-2019-0987.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0987", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0987", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0994.json b/2019/0xxx/CVE-2019-0994.json index d42fa8d27c4..d4a2fbb4ee0 100644 --- a/2019/0xxx/CVE-2019-0994.json +++ b/2019/0xxx/CVE-2019-0994.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0994", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0994", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/0xxx/CVE-2019-0997.json b/2019/0xxx/CVE-2019-0997.json index 341bb9283ba..2372fabc7e3 100644 --- a/2019/0xxx/CVE-2019-0997.json +++ b/2019/0xxx/CVE-2019-0997.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-0997", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-0997", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1010xxx/CVE-2019-1010315.json b/2019/1010xxx/CVE-2019-1010315.json index 7c42a67e16c..60eff5a15cd 100644 --- a/2019/1010xxx/CVE-2019-1010315.json +++ b/2019/1010xxx/CVE-2019-1010315.json @@ -66,6 +66,16 @@ "refsource": "UBUNTU", "name": "USN-4062-1", "url": "https://usn.ubuntu.com/4062-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010317.json b/2019/1010xxx/CVE-2019-1010317.json index 853dca0c07d..8f4f0f48dfb 100644 --- a/2019/1010xxx/CVE-2019-1010317.json +++ b/2019/1010xxx/CVE-2019-1010317.json @@ -76,6 +76,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-8eeb8f9d3f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/1010xxx/CVE-2019-1010319.json b/2019/1010xxx/CVE-2019-1010319.json index fc1e628bb4c..c90c0d01662 100644 --- a/2019/1010xxx/CVE-2019-1010319.json +++ b/2019/1010xxx/CVE-2019-1010319.json @@ -76,6 +76,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-8eeb8f9d3f", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IX3J2JML5A7KC2BLGBEFTIIZR3EM7LVJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/10xxx/CVE-2019-10071.json b/2019/10xxx/CVE-2019-10071.json index fd3a9364604..19b890e67f3 100644 --- a/2019/10xxx/CVE-2019-10071.json +++ b/2019/10xxx/CVE-2019-10071.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[tapestry-users] 20191014 Re: CVE-2019-10071: Apache Tapestry vulnerability disclosure", "url": "https://lists.apache.org/thread.html/7a437dad5af7309aba4d01bfc2463b3ac34e6aafaa565381d3a36460@%3Cusers.tapestry.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tapestry-commits] 20200111 svn commit: r1055136 [2/2] - in /websites/production/tapestry/content: cache/main.pageCache component-rendering.html content-type-and-markup.html dom.html https.html request-processing.html response-compression.html security.html url-rewriting.html", + "url": "https://lists.apache.org/thread.html/r87523dd07886223aa086edc25fe9b8ddb9c1090f7db25b068dc30843@%3Ccommits.tapestry.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10072.json b/2019/10xxx/CVE-2019-10072.json index 4d1b29c4e9f..d0f61d9e069 100644 --- a/2019/10xxx/CVE-2019-10072.json +++ b/2019/10xxx/CVE-2019-10072.json @@ -93,6 +93,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3931", "url": "https://access.redhat.com/errata/RHSA-2019:3931" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0038", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10080.json b/2019/10xxx/CVE-2019-10080.json index d17cf00f50c..229e3c7537c 100644 --- a/2019/10xxx/CVE-2019-10080.json +++ b/2019/10xxx/CVE-2019-10080.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://nifi.apache.org/security.html#CVE-2019-10080", "url": "https://nifi.apache.org/security.html#CVE-2019-10080" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10083.json b/2019/10xxx/CVE-2019-10083.json index fab566bcdbc..3bfc19a2fe5 100644 --- a/2019/10xxx/CVE-2019-10083.json +++ b/2019/10xxx/CVE-2019-10083.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://nifi.apache.org/security.html#CVE-2019-10083", "url": "https://nifi.apache.org/security.html#CVE-2019-10083" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10086.json b/2019/10xxx/CVE-2019-10086.json index 47acaea3ca5..3065e783fb1 100644 --- a/2019/10xxx/CVE-2019-10086.json +++ b/2019/10xxx/CVE-2019-10086.json @@ -138,6 +138,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0057", "url": "https://access.redhat.com/errata/RHSA-2020:0057" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0194", + "url": "https://access.redhat.com/errata/RHSA-2020:0194" } ] }, diff --git a/2019/10xxx/CVE-2019-10088.json b/2019/10xxx/CVE-2019-10088.json index 5a1686157d2..abcd0975ac9 100644 --- a/2019/10xxx/CVE-2019-10088.json +++ b/2019/10xxx/CVE-2019-10088.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10092.json b/2019/10xxx/CVE-2019-10092.json index 0145cc466b9..cc1a9121a36 100644 --- a/2019/10xxx/CVE-2019-10092.json +++ b/2019/10xxx/CVE-2019-10092.json @@ -68,6 +68,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4126", "url": "https://access.redhat.com/errata/RHSA-2019:4126" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10093.json b/2019/10xxx/CVE-2019-10093.json index 97197b1c195..25fb08ffbd1 100644 --- a/2019/10xxx/CVE-2019-10093.json +++ b/2019/10xxx/CVE-2019-10093.json @@ -68,6 +68,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190828-0004/", "url": "https://security.netapp.com/advisory/ntap-20190828-0004/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10094.json b/2019/10xxx/CVE-2019-10094.json index 883b13f4dc1..6dea2dd59d5 100644 --- a/2019/10xxx/CVE-2019-10094.json +++ b/2019/10xxx/CVE-2019-10094.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[tika-dev] 20190813 Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}", "url": "https://lists.apache.org/thread.html/39723d8227b248781898c200aa24b154683673287b150a204b83787d@%3Cdev.tika.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10098.json b/2019/10xxx/CVE-2019-10098.json index 8f3cf884e05..e87ccdc5748 100644 --- a/2019/10xxx/CVE-2019-10098.json +++ b/2019/10xxx/CVE-2019-10098.json @@ -53,6 +53,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10126.json b/2019/10xxx/CVE-2019-10126.json index 4ed2ce5c449..f667ccc024f 100644 --- a/2019/10xxx/CVE-2019-10126.json +++ b/2019/10xxx/CVE-2019-10126.json @@ -168,6 +168,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3517", "url": "https://access.redhat.com/errata/RHSA-2019:3517" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/10xxx/CVE-2019-10160.json b/2019/10xxx/CVE-2019-10160.json index 6222dc66d52..fe91da5ca39 100644 --- a/2019/10xxx/CVE-2019-10160.json +++ b/2019/10xxx/CVE-2019-10160.json @@ -163,6 +163,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-57462fa10d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10161.json b/2019/10xxx/CVE-2019-10161.json index 2bd518fd058..0d48c549bab 100644 --- a/2019/10xxx/CVE-2019-10161.json +++ b/2019/10xxx/CVE-2019-10161.json @@ -61,6 +61,11 @@ "url": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580", "name": "https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580", "refsource": "CONFIRM" + }, + { + "refsource": "UBUNTU", + "name": "USN-4047-2", + "url": "https://usn.ubuntu.com/4047-2/" } ] }, diff --git a/2019/10xxx/CVE-2019-10219.json b/2019/10xxx/CVE-2019-10219.json index fa3a29cff98..bb6e6db2633 100644 --- a/2019/10xxx/CVE-2019-10219.json +++ b/2019/10xxx/CVE-2019-10219.json @@ -63,6 +63,26 @@ "refsource": "MLIST", "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219", "url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] }, diff --git a/2019/10xxx/CVE-2019-10220.json b/2019/10xxx/CVE-2019-10220.json index 79db383d18c..1640900e822 100644 --- a/2019/10xxx/CVE-2019-10220.json +++ b/2019/10xxx/CVE-2019-10220.json @@ -58,6 +58,11 @@ "refsource": "UBUNTU", "name": "USN-4226-1", "url": "https://usn.ubuntu.com/4226-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] }, diff --git a/2019/10xxx/CVE-2019-10246.json b/2019/10xxx/CVE-2019-10246.json index d2ac04f7b76..dd369813e2f 100644 --- a/2019/10xxx/CVE-2019-10246.json +++ b/2019/10xxx/CVE-2019-10246.json @@ -80,6 +80,16 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/10xxx/CVE-2019-10247.json b/2019/10xxx/CVE-2019-10247.json index b375cd55842..4fba8846809 100644 --- a/2019/10xxx/CVE-2019-10247.json +++ b/2019/10xxx/CVE-2019-10247.json @@ -108,6 +108,16 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/10xxx/CVE-2019-10532.json b/2019/10xxx/CVE-2019-10532.json index 1b9b58b1ff5..2b9b3458bce 100644 --- a/2019/10xxx/CVE-2019-10532.json +++ b/2019/10xxx/CVE-2019-10532.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10532", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Null-pointer dereference issue can occur while calculating string length when source string length is zero in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read Issue in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10548.json b/2019/10xxx/CVE-2019-10548.json index ddcb28ee9ca..5ef59551fc7 100644 --- a/2019/10xxx/CVE-2019-10548.json +++ b/2019/10xxx/CVE-2019-10548.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While trying to obtain datad ipc handle during DPL initialization, Heap use-after-free issue can occur if modem SSR occurs at same time in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SXR1130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use-After-Free Issue in HLOS Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10558.json b/2019/10xxx/CVE-2019-10558.json index 4cb622a4042..19a522c3e98 100644 --- a/2019/10xxx/CVE-2019-10558.json +++ b/2019/10xxx/CVE-2019-10558.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While transferring data from APPS to DSP, Out of bound in FastRPC HLOS Driver due to the data buffer which can be controlled by DSP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCN7605, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Restriction of Operation Within the Bounds of a Memory Buffer in DSP Services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10561.json b/2019/10xxx/CVE-2019-10561.json index 0da707984a0..a70dc8ced21 100644 --- a/2019/10xxx/CVE-2019-10561.json +++ b/2019/10xxx/CVE-2019-10561.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10561", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QM215, SDA660, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Configuration Issue in Content Protection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10578.json b/2019/10xxx/CVE-2019-10578.json index 9a1ef887f38..e4960bff7dd 100644 --- a/2019/10xxx/CVE-2019-10578.json +++ b/2019/10xxx/CVE-2019-10578.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10579.json b/2019/10xxx/CVE-2019-10579.json index 4b3e89ce6d5..912cb149e2d 100644 --- a/2019/10xxx/CVE-2019-10579.json +++ b/2019/10xxx/CVE-2019-10579.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Over-read in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10581.json b/2019/10xxx/CVE-2019-10581.json index 53a8b351a27..deec07b26e0 100644 --- a/2019/10xxx/CVE-2019-10581.json +++ b/2019/10xxx/CVE-2019-10581.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NULL is assigned to local instance of audio device pointer after free instead of global static pointer and can lead to use after free issue in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8998, Nicobar, QCS605, Rennell, SA6155P, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Audio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10582.json b/2019/10xxx/CVE-2019-10582.json index 6df8b8addfd..12d0f5d812e 100644 --- a/2019/10xxx/CVE-2019-10582.json +++ b/2019/10xxx/CVE-2019-10582.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10582", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free issue due to using of invalidated iterator to delete an object in sensors HAL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Sensors HAL" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10583.json b/2019/10xxx/CVE-2019-10583.json index 510d60e3085..319906a7ef7 100644 --- a/2019/10xxx/CVE-2019-10583.json +++ b/2019/10xxx/CVE-2019-10583.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free issue occurs when camera access sensors data through direct report mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, MDM9607, MSM8909W, Nicobar, QCS605, SA6155P, SDA845, SDM429W, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Camera" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10585.json b/2019/10xxx/CVE-2019-10585.json index bdc59ea5d78..e5e3271f0fc 100644 --- a/2019/10xxx/CVE-2019-10585.json +++ b/2019/10xxx/CVE-2019-10585.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible integer overflow happens when mmap find function will increment refcount every time when it invokes and can lead to use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009, APQ8053, MDM9607, MDM9640, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free issue in DSP Services" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10602.json b/2019/10xxx/CVE-2019-10602.json index 886c18f0384..9121720fc69 100644 --- a/2019/10xxx/CVE-2019-10602.json +++ b/2019/10xxx/CVE-2019-10602.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Potential use-after-free heap error during Validate/Present calls on display HW composer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCS605, SDA660, SDM845, SDX20, SM8150" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Display" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10606.json b/2019/10xxx/CVE-2019-10606.json index f3d36f342a6..12062de2feb 100644 --- a/2019/10xxx/CVE-2019-10606.json +++ b/2019/10xxx/CVE-2019-10606.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in USB" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10611.json b/2019/10xxx/CVE-2019-10611.json index af357e1857f..ed7c40d3872 100644 --- a/2019/10xxx/CVE-2019-10611.json +++ b/2019/10xxx/CVE-2019-10611.json @@ -1,18 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-10611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow can occur while processing clip due to lack of check of object size before parsing in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow Issue in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10768.json b/2019/10xxx/CVE-2019-10768.json index fd792658907..92ef476f86f 100644 --- a/2019/10xxx/CVE-2019-10768.json +++ b/2019/10xxx/CVE-2019-10768.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://snyk.io/vuln/SNYK-JS-ANGULAR-534884", "url": "https://snyk.io/vuln/SNYK-JS-ANGULAR-534884" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/10xxx/CVE-2019-10770.json b/2019/10xxx/CVE-2019-10770.json index f79783621e4..d5c3e8dd2a0 100644 --- a/2019/10xxx/CVE-2019-10770.json +++ b/2019/10xxx/CVE-2019-10770.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10770", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "io.ratpack:ratpack-core", + "version": { + "version_data": [ + { + "version_value": "all versions from 0.9.10 inclusive and before 1.7.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://snyk.io/vuln/SNYK-JAVA-IORATPACK-534882", + "url": "https://snyk.io/vuln/SNYK-JAVA-IORATPACK-534882" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and before 1.7.6 are vulnerable to Cross-site Scripting (XSS). This affects the development mode error handler when an exception message contains untrusted data. Note the production mode error handler is not vulnerable - so for this to be utilized in production it would require users to not disable development mode." } ] } diff --git a/2019/10xxx/CVE-2019-10779.json b/2019/10xxx/CVE-2019-10779.json index f2b860d45fe..65f62efa7fb 100644 --- a/2019/10xxx/CVE-2019-10779.json +++ b/2019/10xxx/CVE-2019-10779.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10779", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "stroom:stroom-app", + "version": { + "version_data": [ + { + "version_value": "all versions before 5.5.12" + }, + { + "version_value": "all versions of the 6.0.0 branch before 6.0.25" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://snyk.io/vuln/SNYK-JAVA-STROOM-541182", + "url": "https://snyk.io/vuln/SNYK-JAVA-STROOM-541182" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user." } ] } diff --git a/2019/10xxx/CVE-2019-10780.json b/2019/10xxx/CVE-2019-10780.json index 0a70c0b81c7..8e12ebb5427 100644 --- a/2019/10xxx/CVE-2019-10780.json +++ b/2019/10xxx/CVE-2019-10780.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10780", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BibTeX-ruby", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 5.1.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602", + "url": "https://snyk.io/vuln/SNYK-RUBY-BIBTEXRUBY-542602" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "BibTeX-ruby before 5.1.0 allows shell command injection due to unsanitized user input being passed directly to the built-in Ruby Kernel.open method through BibTeX.open." } ] } diff --git a/2019/10xxx/CVE-2019-10781.json b/2019/10xxx/CVE-2019-10781.json index 9be17fc7ce5..21853b7a518 100644 --- a/2019/10xxx/CVE-2019-10781.json +++ b/2019/10xxx/CVE-2019-10781.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10781", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Snyk", + "product": { + "product_data": [ + { + "product_name": "schema-inspector", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 1.6.9" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Internal Property Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970", + "url": "https://snyk.io/vuln/SNYK-JS-SCHEMAINSPECTOR-536970" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d", + "url": "https://github.com/Atinux/schema-inspector/commit/345a7b2eed11bb6128421150d65f4f83fdbb737d" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In schema-inspector before 1.6.9, a maliciously crafted JavaScript object can bypass the `sanitize()` and the `validate()` function used within schema-inspector." } ] } diff --git a/2019/10xxx/CVE-2019-10923.json b/2019/10xxx/CVE-2019-10923.json index 943e88af996..169a697dc94 100644 --- a/2019/10xxx/CVE-2019-10923.json +++ b/2019/10xxx/CVE-2019-10923.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -65,7 +65,7 @@ } }, { - "product_name": "SCALANCE X-200IRT", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -75,7 +75,7 @@ } }, { - "product_name": "SIMATIC ET 200M", + "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -85,7 +85,7 @@ } }, { - "product_name": "SIMATIC ET 200S", + "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -95,7 +95,7 @@ } }, { - "product_name": "SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", + "product_name": "SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", "version": { "version_data": [ { @@ -105,7 +105,7 @@ } }, { - "product_name": "SIMATIC ET 200pro", + "product_name": "SIMATIC ET200pro (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -115,7 +115,7 @@ } }, { - "product_name": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0", + "product_name": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant)", "version": { "version_data": [ { @@ -125,7 +125,7 @@ } }, { - "product_name": "SIMATIC S7-300 CPU family (incl. F)", + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -135,7 +135,7 @@ } }, { - "product_name": "SIMATIC S7-400 (incl. F) V6 and below", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -145,7 +145,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)", + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -165,7 +165,7 @@ } }, { - "product_name": "SIMOTION", + "product_name": "SIMOTION (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -195,7 +195,7 @@ } }, { - "product_name": "SINAMICS G110M V4.7 (Control Unit)", + "product_name": "SINAMICS G110M V4.7 Control Unit", "version": { "version_data": [ { @@ -205,7 +205,7 @@ } }, { - "product_name": "SINAMICS G120 V4.7 (Control Unit)", + "product_name": "SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -215,7 +215,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 Control Unit", "version": { "version_data": [ { @@ -225,7 +225,7 @@ } }, { - "product_name": "SINAMICS G150 (Control Unit)", + "product_name": "SINAMICS G150 Control Unit", "version": { "version_data": [ { @@ -235,7 +235,7 @@ } }, { - "product_name": "SINAMICS GH150 V4.7 (Control Unit)", + "product_name": "SINAMICS GH150 V4.7 Control Unit", "version": { "version_data": [ { @@ -245,7 +245,7 @@ } }, { - "product_name": "SINAMICS GL150 V4.7 (Control Unit)", + "product_name": "SINAMICS GL150 V4.7 Control Unit", "version": { "version_data": [ { @@ -255,7 +255,7 @@ } }, { - "product_name": "SINAMICS GM150 V4.7 (Control Unit)", + "product_name": "SINAMICS GM150 V4.7 Control Unit", "version": { "version_data": [ { @@ -265,7 +265,7 @@ } }, { - "product_name": "SINAMICS S110 (Control Unit)", + "product_name": "SINAMICS S110 Control Unit", "version": { "version_data": [ { @@ -275,7 +275,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 (Control Unit and CBE20)", + "product_name": "SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -285,7 +285,7 @@ } }, { - "product_name": "SINAMICS S150 (Control Unit)", + "product_name": "SINAMICS S150 Control Unit", "version": { "version_data": [ { @@ -295,17 +295,17 @@ } }, { - "product_name": "SINAMICS SL150 V4.7 (Control Unit)", + "product_name": "SINAMICS SL150 V4.7 Control Unit", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.7 HF33" } ] } }, { - "product_name": "SINAMICS SM120 V4.7 (Control Unit)", + "product_name": "SINAMICS SM120 V4.7 Control Unit", "version": { "version_data": [ { @@ -352,25 +352,20 @@ } ] }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" - }, - { - "refsource": "MISC", - "name": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01", - "url": "https://www.us-cert.gov/ics/advisories/icsa-19-283-01" - } - ] - }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT (All versions < V5.2.1), SIMATIC ET 200M (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (All versions), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 (incl. F) V6 and below (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < V4.7 HF29), SINAMICS G150 (Control Unit) (All versions < V4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit and CBE20) (All versions < V4.7 HF34), SINAMICS S150 (Control Unit) (All versions < V4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." + "value": "A vulnerability has been identified in CP1604 (All versions < V2.8), CP1616 (All versions < V2.8), Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions < V4.1.1 Patch 05), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions < V4.5.0 Patch 01), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions < V4.5.0), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.2.1), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. SIPLUS NET variant) (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SIMOTION (incl. SIPLUS variants) (All versions), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < V4.7 HF29), SINAMICS G150 Control Unit (All versions < V4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants) (All versions < V4.7 HF34), SINAMICS S150 Control Unit (All versions < V4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). An attacker with network access to an affected product may cause a Denial-of-Service condition by breaking the real-time synchronization (IRT) of the affected installation. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected installation. No user interaction is required to exploit this security vulnerability. The vulnerability impacts the availability of the affected installations." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf" } ] } diff --git a/2019/10xxx/CVE-2019-10934.json b/2019/10xxx/CVE-2019-10934.json index 36e66665f2d..b486dff472a 100644 --- a/2019/10xxx/CVE-2019-10934.json +++ b/2019/10xxx/CVE-2019-10934.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-10934", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10934", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "TIA Portal V14", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "TIA Portal V15", + "version": { + "version_data": [ + { + "version_value": "All versions < V15.1 Upd 4" + } + ] + } + }, + { + "product_name": "TIA Portal V16", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Upd 4), TIA Portal V16 (All versions). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-629512.pdf" } ] } diff --git a/2019/10xxx/CVE-2019-10936.json b/2019/10xxx/CVE-2019-10936.json index 185f3db6c9f..a106a45ec70 100644 --- a/2019/10xxx/CVE-2019-10936.json +++ b/2019/10xxx/CVE-2019-10936.json @@ -55,7 +55,7 @@ } }, { - "product_name": "SIMATIC ET 200AL", + "product_name": "SIMATIC ET200AL (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -65,7 +65,7 @@ } }, { - "product_name": "SIMATIC ET 200M", + "product_name": "SIMATIC ET200M (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -75,7 +75,7 @@ } }, { - "product_name": "SIMATIC ET 200MP IM 155-5 PN BA", + "product_name": "SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -85,7 +85,7 @@ } }, { - "product_name": "SIMATIC ET 200MP IM 155-5 PN HF", + "product_name": "SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -95,7 +95,7 @@ } }, { - "product_name": "SIMATIC ET 200MP IM 155-5 PN ST", + "product_name": "SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -105,7 +105,7 @@ } }, { - "product_name": "SIMATIC ET 200S", + "product_name": "SIMATIC ET200S (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -115,7 +115,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN BA", + "product_name": "SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -125,7 +125,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN HA", + "product_name": "SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -135,7 +135,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN HF", + "product_name": "SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -145,7 +145,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN HS", + "product_name": "SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -155,7 +155,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN ST", + "product_name": "SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -165,7 +165,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN/2 HF", + "product_name": "SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -175,7 +175,7 @@ } }, { - "product_name": "SIMATIC ET 200SP IM 155-6 PN/3 HF", + "product_name": "SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -185,7 +185,17 @@ } }, { - "product_name": "SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", + "product_name": "SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.0" + } + ] + } + }, + { + "product_name": "SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0)", "version": { "version_data": [ { @@ -195,7 +205,7 @@ } }, { - "product_name": "SIMATIC ET 200pro", + "product_name": "SIMATIC ET200pro (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -205,7 +215,7 @@ } }, { - "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"", + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -215,7 +225,7 @@ } }, { - "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"", + "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -225,7 +235,7 @@ } }, { - "product_name": "SIMATIC HMI KTP Mobile Panels", + "product_name": "SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -235,7 +245,7 @@ } }, { - "product_name": "SIMATIC PN/PN Coupler", + "product_name": "SIMATIC PN/PN Coupler (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -255,17 +265,17 @@ } }, { - "product_name": "SIMATIC S7-1200 CPU family (incl. F)", + "product_name": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.4.0" } ] } }, { - "product_name": "SIMATIC S7-1500 CPU family (incl. F)", + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -275,7 +285,17 @@ } }, { - "product_name": "SIMATIC S7-300 CPU family (incl. F)", + "product_name": "SIMATIC S7-1500 Software Controller", + "version": { + "version_data": [ + { + "version_value": "All versions < V2.0" + } + ] + } + }, + { + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -285,27 +305,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC S7-400 V6 (incl F) and below", - "version": { - "version_data": [ - { - "version_value": "All versions" - } - ] - } - }, - { - "product_name": "SIMATIC S7-400H V6", + "product_name": "SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -315,7 +315,27 @@ } }, { - "product_name": "SIMATIC S7-410 V8", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -355,7 +375,7 @@ } }, { - "product_name": "SINAMICS G110M V4.7 (PN Control Unit)", + "product_name": "SINAMICS G110M V4.7 PN Control Unit", "version": { "version_data": [ { @@ -365,7 +385,7 @@ } }, { - "product_name": "SINAMICS G120 V4.7 (PN Control Unit)", + "product_name": "SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -375,7 +395,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 Control Unit", "version": { "version_data": [ { @@ -385,7 +405,7 @@ } }, { - "product_name": "SINAMICS G150 (Control Unit)", + "product_name": "SINAMICS G150 Control Unit", "version": { "version_data": [ { @@ -395,7 +415,7 @@ } }, { - "product_name": "SINAMICS GH150 V4.7 (Control Unit)", + "product_name": "SINAMICS GH150 V4.7 Control Unit", "version": { "version_data": [ { @@ -405,7 +425,7 @@ } }, { - "product_name": "SINAMICS GL150 V4.7 (Control Unit)", + "product_name": "SINAMICS GL150 V4.7 Control Unit", "version": { "version_data": [ { @@ -415,7 +435,7 @@ } }, { - "product_name": "SINAMICS GM150 V4.7 (Control Unit)", + "product_name": "SINAMICS GM150 V4.7 Control Unit", "version": { "version_data": [ { @@ -425,7 +445,7 @@ } }, { - "product_name": "SINAMICS S110 (Control Unit)", + "product_name": "SINAMICS S110 Control Unit", "version": { "version_data": [ { @@ -435,7 +455,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 (Control Unit)", + "product_name": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -445,7 +465,7 @@ } }, { - "product_name": "SINAMICS S150 (Control Unit)", + "product_name": "SINAMICS S150 Control Unit", "version": { "version_data": [ { @@ -455,7 +475,7 @@ } }, { - "product_name": "SINAMICS SL150 V4.7 (Control Unit)", + "product_name": "SINAMICS SL150 V4.7 Control Unit", "version": { "version_data": [ { @@ -465,7 +485,7 @@ } }, { - "product_name": "SINAMICS SM120 V4.7 (Control Unit)", + "product_name": "SINAMICS SM120 V4.7 Control Unit", "version": { "version_data": [ { @@ -516,7 +536,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < 4.8), SINAMICS G150 (Control Unit) (All versions < 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions < 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions < V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET200AL (incl. SIPLUS variants) (All versions), SIMATIC ET200M (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants) (All versions < V4.3.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200S (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions < V4.2.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions < V4.2.1), SIMATIC ET200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET200pro (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants) (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions), SIMATIC HMI KTP Mobile Panels (incl. SIPLUS variants) (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 PN Control Unit (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 Control Unit (All versions < 4.8), SINAMICS G150 Control Unit (All versions < 4.8), SINAMICS GH150 V4.7 Control Unit (All versions), SINAMICS GL150 V4.7 Control Unit (All versions), SINAMICS GM150 V4.7 Control Unit (All versions), SINAMICS S110 Control Unit (All versions), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants) (All versions), SINAMICS S150 Control Unit (All versions < 4.8), SINAMICS SL150 V4.7 Control Unit (All versions < V4.7 HF33), SINAMICS SM120 V4.7 Control Unit (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/10xxx/CVE-2019-10938.json b/2019/10xxx/CVE-2019-10938.json index 50f839f4fa6..9f692bd08b3 100644 --- a/2019/10xxx/CVE-2019-10938.json +++ b/2019/10xxx/CVE-2019-10938.json @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200", + "product_name": "SIPROTEC 5 devices with CPU variants CP200", "version": { "version_data": [ { @@ -25,11 +25,11 @@ } }, { - "product_name": "SIPROTEC 5 devices with CPU variants CP300", + "product_name": "SIPROTEC 5 devices with CPU variants CP300 and CP100", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V8.01" } ] } @@ -56,7 +56,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in Ethernet plug-in communication modules for SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 (All versions). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01). An unauthenticated attacker with network access to the device could potentially insert arbitrary code which is executed before firmware verification in the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/10xxx/CVE-2019-10940.json b/2019/10xxx/CVE-2019-10940.json index c7f04c38e6b..3d8e0e5226b 100644 --- a/2019/10xxx/CVE-2019-10940.json +++ b/2019/10xxx/CVE-2019-10940.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-10940", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-10940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SINEMA Server", + "version": { + "version_data": [ + { + "version_value": "All versions < V14.0 SP2 Update 1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266: Incorrect Privilege Assignment" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SINEMA Server (All versions < V14.0 SP2 Update 1). Incorrect session validation could allow an attacker with a valid session, with low privileges, to perform firmware updates and other administrative operations on connected devices. The security vulnerability could be exploited by an attacker with network access to the affected system. An attacker must have access to a low privileged account in order to exploit the vulnerability. An attacker could use the vulnerability to compromise confidentiality, integrity, and availability of the affected system and underlying components. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-880233.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-02" } ] } diff --git a/2019/10xxx/CVE-2019-10956.json b/2019/10xxx/CVE-2019-10956.json index f27efbd3de0..653c3cdc3e5 100644 --- a/2019/10xxx/CVE-2019-10956.json +++ b/2019/10xxx/CVE-2019-10956.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10956", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Geutebruck IP Cameras", + "version": { + "version_data": [ + { + "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated user, using a specially crafted URL command, to execute commands as root." } ] } diff --git a/2019/10xxx/CVE-2019-10957.json b/2019/10xxx/CVE-2019-10957.json index b1b2a3d2907..79492b5cbe4 100644 --- a/2019/10xxx/CVE-2019-10957.json +++ b/2019/10xxx/CVE-2019-10957.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10957", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Geutebruck IP Cameras", + "version": { + "version_data": [ + { + "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to event configuration to store malicious code on the server, which could later be triggered by a legitimate user resulting in code execution within the user\u2019s browser." } ] } diff --git a/2019/10xxx/CVE-2019-10958.json b/2019/10xxx/CVE-2019-10958.json index 16529752a14..ddcc60524ac 100644 --- a/2019/10xxx/CVE-2019-10958.json +++ b/2019/10xxx/CVE-2019-10958.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10958", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Geutebruck IP Cameras", + "version": { + "version_data": [ + { + "version_value": "G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-155-03" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Geutebruck IP Cameras G-Code(EEC-2xxx), G-Cam(EBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx): All versions 1.12.0.25 and prior may allow a remote authenticated attacker with access to network configuration to supply system commands to the server, leading to remote code execution as root." } ] } diff --git a/2019/10xxx/CVE-2019-10995.json b/2019/10xxx/CVE-2019-10995.json index 5c515567930..df7ef22bff6 100644 --- a/2019/10xxx/CVE-2019-10995.json +++ b/2019/10xxx/CVE-2019-10995.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10995", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ABB CP651 HMI products", + "version": { + "version_data": [ + { + "version_value": "BSP UN30 v1.76 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "108928", + "url": "http://www.securityfocus.com/bid/108928" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-178-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ABB CP651 HMI products revision BSP UN30 v1.76 and prior implement hidden administrative accounts that are used during the provisioning phase of the HMI interface." } ] } diff --git a/2019/11xxx/CVE-2019-11037.json b/2019/11xxx/CVE-2019-11037.json index e099a550756..f05884bfec8 100644 --- a/2019/11xxx/CVE-2019-11037.json +++ b/2019/11xxx/CVE-2019-11037.json @@ -125,6 +125,11 @@ "refsource": "BUGTRAQ", "name": "20191126 [SECURITY] [DSA 4576-1] php-imagick security update", "url": "https://seclists.org/bugtraq/2019/Nov/39" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0014", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11045.json b/2019/11xxx/CVE-2019-11045.json index 1a7183b3848..9d3c5a5a8f7 100644 --- a/2019/11xxx/CVE-2019-11045.json +++ b/2019/11xxx/CVE-2019-11045.json @@ -115,6 +115,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11046.json b/2019/11xxx/CVE-2019-11046.json index bdd8c4d717e..d9f80ab7229 100644 --- a/2019/11xxx/CVE-2019-11046.json +++ b/2019/11xxx/CVE-2019-11046.json @@ -120,6 +120,16 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K48866433?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11047.json b/2019/11xxx/CVE-2019-11047.json index 8a5184db238..b25134ec273 100644 --- a/2019/11xxx/CVE-2019-11047.json +++ b/2019/11xxx/CVE-2019-11047.json @@ -115,6 +115,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11050.json b/2019/11xxx/CVE-2019-11050.json index f3c77212ca5..6b441068e0f 100644 --- a/2019/11xxx/CVE-2019-11050.json +++ b/2019/11xxx/CVE-2019-11050.json @@ -115,6 +115,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a54a622670", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWRQPYXVG43Q7DXMXH6UVWMKWGUW552F/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4239-1", + "url": "https://usn.ubuntu.com/4239-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0080", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00036.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11091.json b/2019/11xxx/CVE-2019-11091.json index 887b4724523..5406962cf83 100644 --- a/2019/11xxx/CVE-2019-11091.json +++ b/2019/11xxx/CVE-2019-11091.json @@ -138,6 +138,16 @@ "refsource": "BUGTRAQ", "name": "20191112 [SECURITY] [DSA 4564-1] linux security update", "url": "https://seclists.org/bugtraq/2019/Nov/15" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] }, diff --git a/2019/11xxx/CVE-2019-11135.json b/2019/11xxx/CVE-2019-11135.json index 18c8b6290da..67145483301 100644 --- a/2019/11xxx/CVE-2019-11135.json +++ b/2019/11xxx/CVE-2019-11135.json @@ -138,6 +138,16 @@ "refsource": "REDHAT", "name": "RHSA-2020:0028", "url": "https://access.redhat.com/errata/RHSA-2020:0028" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] }, diff --git a/2019/11xxx/CVE-2019-11236.json b/2019/11xxx/CVE-2019-11236.json index 7962226e231..7bebc10abe3 100644 --- a/2019/11xxx/CVE-2019-11236.json +++ b/2019/11xxx/CVE-2019-11236.json @@ -111,6 +111,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6148c44137", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0d9ad17d8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/" } ] } diff --git a/2019/11xxx/CVE-2019-11244.json b/2019/11xxx/CVE-2019-11244.json index 280e14a073e..ee426f62fc2 100644 --- a/2019/11xxx/CVE-2019-11244.json +++ b/2019/11xxx/CVE-2019-11244.json @@ -129,6 +129,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3942", "url": "https://access.redhat.com/errata/RHSA-2019:3942" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0020", + "url": "https://access.redhat.com/errata/RHSA-2020:0020" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0074", + "url": "https://access.redhat.com/errata/RHSA-2020:0074" } ] }, diff --git a/2019/11xxx/CVE-2019-11281.json b/2019/11xxx/CVE-2019-11281.json index 9a4c5b92be4..ce2a77276b9 100644 --- a/2019/11xxx/CVE-2019-11281.json +++ b/2019/11xxx/CVE-2019-11281.json @@ -87,6 +87,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-74d2feb5be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0078", + "url": "https://access.redhat.com/errata/RHSA-2020:0078" } ] }, diff --git a/2019/11xxx/CVE-2019-11287.json b/2019/11xxx/CVE-2019-11287.json index 20586271960..a1f22f2c9da 100644 --- a/2019/11xxx/CVE-2019-11287.json +++ b/2019/11xxx/CVE-2019-11287.json @@ -95,6 +95,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-74d2feb5be", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PYTGR3D5FW2O25RXZOTIZMOD2HAUVBE4/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0078", + "url": "https://access.redhat.com/errata/RHSA-2020:0078" + }, + { + "refsource": "MISC", + "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin", + "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-11287-DoS%20via%20Heap%20Overflow-RabbitMQ%20Web%20Management%20Plugin" } ] }, diff --git a/2019/11xxx/CVE-2019-11288.json b/2019/11xxx/CVE-2019-11288.json index ed2dd3e965e..37d01b038cc 100644 --- a/2019/11xxx/CVE-2019-11288.json +++ b/2019/11xxx/CVE-2019-11288.json @@ -3,16 +3,134 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-01-15T00:00:00.000Z", "ID": "CVE-2019-11288", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "tcServer JMX Socket Listener Registry Rebinding Local Privilege Escalation" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Pivotal tc Server 4.x", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "4.0.10" + } + ] + } + }, + { + "product_name": "Pivotal tc Server 3.x", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "All", + "version_value": "3.2.19" + } + ] + } + }, + { + "product_name": "Pivotal tc Server 4.x Runtimes", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "7.x", + "version_value": "7.0.99.B" + }, + { + "affected": "<", + "version_name": "8.x", + "version_value": "8.5.47.A" + }, + { + "affected": "<", + "version_name": "9.x", + "version_value": "9.0.27.A" + } + ] + } + }, + { + "product_name": "Pivotal tc Server 3.x Runtimes", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "7.x", + "version_value": "7.0.99.B" + }, + { + "affected": "<", + "version_name": "8.x", + "version_value": "8.5.47.A" + } + ] + } + } + ] + }, + "vendor_name": "Pivotal" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions prior to 4.0.10, and Pivotal tc Runtimes, 7.x versions prior to 7.0.99.B, 8.x versions prior to 8.5.47.A, and 9.x versions prior to 9.0.27.A, when a tc Runtime instance is configured with the JMX Socket Listener, a local attacker without access to the tc Runtime process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the tc Runtime instance." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2019-11288", + "name": "https://pivotal.io/security/cve-2019-11288" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/11xxx/CVE-2019-11318.json b/2019/11xxx/CVE-2019-11318.json index 20caafb568e..4220158c9d3 100644 --- a/2019/11xxx/CVE-2019-11318.json +++ b/2019/11xxx/CVE-2019-11318.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11318", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11318", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109117", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109117" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P1", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P1" } ] } diff --git a/2019/11xxx/CVE-2019-11324.json b/2019/11xxx/CVE-2019-11324.json index 736892882dd..70d18ce2514 100644 --- a/2019/11xxx/CVE-2019-11324.json +++ b/2019/11xxx/CVE-2019-11324.json @@ -91,6 +91,11 @@ "refsource": "FEDORA", "name": "FEDORA-2020-6148c44137", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d0d9ad17d8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2/" } ] } diff --git a/2019/11xxx/CVE-2019-11338.json b/2019/11xxx/CVE-2019-11338.json index fbcb08322c2..f74654424d8 100644 --- a/2019/11xxx/CVE-2019-11338.json +++ b/2019/11xxx/CVE-2019-11338.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20190529 [SECURITY] [DLA 1809-1] libav security update", "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00043.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2019/11xxx/CVE-2019-11339.json b/2019/11xxx/CVE-2019-11339.json index 12e0ff4ccfc..674f0a8e275 100644 --- a/2019/11xxx/CVE-2019-11339.json +++ b/2019/11xxx/CVE-2019-11339.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-3967-1", "url": "https://usn.ubuntu.com/3967-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2019/11xxx/CVE-2019-11358.json b/2019/11xxx/CVE-2019-11358.json index f6e31caa712..e0584c0bdc6 100644 --- a/2019/11xxx/CVE-2019-11358.json +++ b/2019/11xxx/CVE-2019-11358.json @@ -296,6 +296,16 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-08", "url": "https://www.tenable.com/security/tns-2019-08" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json index cf30c1f3f0a..b9753d54cd4 100644 --- a/2019/11xxx/CVE-2019-11477.json +++ b/2019/11xxx/CVE-2019-11477.json @@ -231,6 +231,11 @@ "refsource": "CONFIRM", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json index 1edf4ccc9ce..ce80e5601df 100644 --- a/2019/11xxx/CVE-2019-11478.json +++ b/2019/11xxx/CVE-2019-11478.json @@ -230,6 +230,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11479.json b/2019/11xxx/CVE-2019-11479.json index 0909cbc3314..2f03e023d9f 100644 --- a/2019/11xxx/CVE-2019-11479.json +++ b/2019/11xxx/CVE-2019-11479.json @@ -219,6 +219,11 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support&utm_medium=RSS" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11487.json b/2019/11xxx/CVE-2019-11487.json index f5d3fd8a9c6..68116f449ab 100644 --- a/2019/11xxx/CVE-2019-11487.json +++ b/2019/11xxx/CVE-2019-11487.json @@ -191,6 +191,11 @@ "refsource": "UBUNTU", "name": "USN-4145-1", "url": "https://usn.ubuntu.com/4145-1/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2019/11xxx/CVE-2019-11498.json b/2019/11xxx/CVE-2019-11498.json index 6923ad99f91..4a37fb2e938 100644 --- a/2019/11xxx/CVE-2019-11498.json +++ b/2019/11xxx/CVE-2019-11498.json @@ -76,6 +76,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b8a704ff4b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SCK2YJXY6V5CKGKSF2PPN7RL2DXVOC6G/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-e55567b6be", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6CFFFWIWALGQPKINRDW3PRGRD5LOLGZA/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-73274c9df4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BRWQNE3TH5UF64IKHKKHVCHJHUOVKJUH/" } ] } diff --git a/2019/11xxx/CVE-2019-11599.json b/2019/11xxx/CVE-2019-11599.json index fc186eb4b0d..e340f9cfe7f 100644 --- a/2019/11xxx/CVE-2019-11599.json +++ b/2019/11xxx/CVE-2019-11599.json @@ -216,6 +216,21 @@ "refsource": "REDHAT", "name": "RHSA-2019:3517", "url": "https://access.redhat.com/errata/RHSA-2019:3517" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0100", + "url": "https://access.redhat.com/errata/RHSA-2020:0100" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0179", + "url": "https://access.redhat.com/errata/RHSA-2020:0179" } ] } diff --git a/2019/11xxx/CVE-2019-11727.json b/2019/11xxx/CVE-2019-11727.json index c4639bc7c72..8a4963c00c0 100644 --- a/2019/11xxx/CVE-2019-11727.json +++ b/2019/11xxx/CVE-2019-11727.json @@ -84,6 +84,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2260", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0008", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" } ] }, diff --git a/2019/11xxx/CVE-2019-11745.json b/2019/11xxx/CVE-2019-11745.json index 01a9bdac288..fb2df72abb5 100644 --- a/2019/11xxx/CVE-2019-11745.json +++ b/2019/11xxx/CVE-2019-11745.json @@ -93,6 +93,16 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0008", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00006.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/11xxx/CVE-2019-11997.json b/2019/11xxx/CVE-2019-11997.json index 5fbe0879ab6..472577e5f1f 100644 --- a/2019/11xxx/CVE-2019-11997.json +++ b/2019/11xxx/CVE-2019-11997.json @@ -4,14 +4,61 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11997", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HPE", + "product": { + "product_data": [ + { + "product_name": "HPE enhanced Internet Usage Manager (eIUM)", + "version": { + "version_data": [ + { + "version_value": "8.3" + }, + { + "version_value": "9.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote cross-site scripting (xss)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03975en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03975en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A potential security vulnerability has been identified in HPE enhanced Internet Usage Manager (eIUM) versions 8.3 and 9.0. The vulnerability could be used for unauthorized access to information via cross site scripting. HPE has made the following software updates to resolve the vulnerability in eIUM. The eIUM 8.3 FP01 customers are advised to install eIUM83FP01Patch_QXCR1001711284.20190806-1244 patch. The eIUM 9.0 customers are advised to upgrade to eIUM 9.0 FP02 PI5 or later versions. For other versions, please, contact the product support." } ] } diff --git a/2019/11xxx/CVE-2019-11998.json b/2019/11xxx/CVE-2019-11998.json index 0e72ccc0dfc..cbd781af2a0 100644 --- a/2019/11xxx/CVE-2019-11998.json +++ b/2019/11xxx/CVE-2019-11998.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-11998", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-alert@hpe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "HPE", + "product": { + "product_data": [ + { + "product_name": "HPE Superdome Flex Server", + "version": { + "version_data": [ + { + "version_value": "Prior to v3.20.186" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "local multiple vulnerabilities" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03978en_us" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product." } ] } diff --git a/2019/12xxx/CVE-2019-12086.json b/2019/12xxx/CVE-2019-12086.json index f32e263ec61..6f664f9c344 100644 --- a/2019/12xxx/CVE-2019-12086.json +++ b/2019/12xxx/CVE-2019-12086.json @@ -211,6 +211,16 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/12xxx/CVE-2019-12216.json b/2019/12xxx/CVE-2019-12216.json index 053507b38c6..8d902077992 100644 --- a/2019/12xxx/CVE-2019-12216.json +++ b/2019/12xxx/CVE-2019-12216.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12217.json b/2019/12xxx/CVE-2019-12217.json index 035ad11669a..09808eb446e 100644 --- a/2019/12xxx/CVE-2019-12217.json +++ b/2019/12xxx/CVE-2019-12217.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12218.json b/2019/12xxx/CVE-2019-12218.json index 33cbbd0538f..365bae998bf 100644 --- a/2019/12xxx/CVE-2019-12218.json +++ b/2019/12xxx/CVE-2019-12218.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12219.json b/2019/12xxx/CVE-2019-12219.json index 792f3995a16..6445b0d2cf9 100644 --- a/2019/12xxx/CVE-2019-12219.json +++ b/2019/12xxx/CVE-2019-12219.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12220.json b/2019/12xxx/CVE-2019-12220.json index a427b17824c..dd5b2e5ce26 100644 --- a/2019/12xxx/CVE-2019-12220.json +++ b/2019/12xxx/CVE-2019-12220.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12221.json b/2019/12xxx/CVE-2019-12221.json index 6443246856e..22fe3e06058 100644 --- a/2019/12xxx/CVE-2019-12221.json +++ b/2019/12xxx/CVE-2019-12221.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12222.json b/2019/12xxx/CVE-2019-12222.json index b4cb53afb1d..a13baf53fbb 100644 --- a/2019/12xxx/CVE-2019-12222.json +++ b/2019/12xxx/CVE-2019-12222.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-a6bc0fb143", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ2VRD57UOBT72JUC2DIFHEFCH4N64SW/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/12xxx/CVE-2019-12384.json b/2019/12xxx/CVE-2019-12384.json index 4bd09f980ee..d26bf92eb7d 100644 --- a/2019/12xxx/CVE-2019-12384.json +++ b/2019/12xxx/CVE-2019-12384.json @@ -256,6 +256,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:4352", "url": "https://access.redhat.com/errata/RHSA-2019:4352" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/12xxx/CVE-2019-12397.json b/2019/12xxx/CVE-2019-12397.json index 91b6e1db1cc..a650a599a08 100644 --- a/2019/12xxx/CVE-2019-12397.json +++ b/2019/12xxx/CVE-2019-12397.json @@ -63,6 +63,16 @@ "refsource": "MLIST", "name": "[ranger-dev] 20191229 [jira] [Updated] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", "url": "https://lists.apache.org/thread.html/cbc6346708ef2b9ffb2555637311bf6294923c609c029389fa39de8f@%3Cdev.ranger.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Resolved] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/r04bc435a92911de4b52d2b98f169bd7cf2e8bbeb53b03788df8f932c@%3Cdev.ranger.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[ranger-dev] 20200121 [jira] [Commented] (RANGER-2681) CVE-2019-12397: Apache Ranger cross site scripting issue", + "url": "https://lists.apache.org/thread.html/rd88077a781ef38f7687c100f93992f4dda8aa101925050c4af470998@%3Cdev.ranger.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12398.json b/2019/12xxx/CVE-2019-12398.json index 34545e8cc40..1b8e3f74dfc 100644 --- a/2019/12xxx/CVE-2019-12398.json +++ b/2019/12xxx/CVE-2019-12398.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-12398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Airflow", + "version": { + "version_data": [ + { + "version_value": "Apache Airflow <= 1.10.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stored XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[airflow-dev] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "http://www.openwall.com/lists/oss-security/2020/01/14/2" + }, + { + "refsource": "MLIST", + "name": "[airflow-users] 20200114 [CVE-2019-12398] Apache Airflow Stored XSS vulnerability in classic UI", + "url": "https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected." } ] } diff --git a/2019/12xxx/CVE-2019-12399.json b/2019/12xxx/CVE-2019-12399.json index 7486b454f7f..bcfe5e5c9c0 100644 --- a/2019/12xxx/CVE-2019-12399.json +++ b/2019/12xxx/CVE-2019-12399.json @@ -4,14 +4,161 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-12399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Kafka", + "version": { + "version_data": [ + { + "version_value": "Apache Kafka 2.0.0" + }, + { + "version_value": "2.0.1" + }, + { + "version_value": "2.1.0" + }, + { + "version_value": "2.1.1" + }, + { + "version_value": "2.2.0" + }, + { + "version_value": "2.2.1" + }, + { + "version_value": "2.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[kafka-users] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint", + "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9@%3Cusers.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint", + "url": "http://www.openwall.com/lists/oss-security/2020/01/14/1" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint", + "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9@%3Cannounce.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-dev] 20200113 CVE-2019-12399: Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint", + "url": "https://lists.apache.org/thread.html/r6af5ed95726874e9add022955be83c192428c248d1c9a1914aff89d9%40%3Cdev.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[kafka-commits] 20200115 [kafka-site] branch asf-site updated: Add CVE-2019-12399 (#250)", + "url": "https://lists.apache.org/thread.html/rc27d424d0bdeaf31081c3e246db3c66e882243ae3f342dfa845e0261@%3Ccommits.kafka.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis opened a new pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/rde947ee866de6687bc51cdc8dfa6d7e6b3ad4ce8c708c344f773e6dc@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r4b20b40c40d4a4c641e2ef4228098a57935e5782bfdfdf3650e48265@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r6fa1cff4786dcef2ddd1d717836ef123c878e8321c24855bad24ae0f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200126 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r3203d7f25a6ca56ff3e48c43a6aa7cb60b8e5d57d0eed9f76dc2b7a8@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh opened a new pull request #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/rfe90ca0463c199b99c2921410639aed53a172ea8b733eab0dc776262@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] suneet-s commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r801c68bf987931f35d2e24ecc99f3aa2850fdd8f5ef15fe6c60fecf3@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r3154f5adbc905f1f9012a92240c8e00a96628470cc819453b9606d0e@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on a change in pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r4d9e87cdae99e98d7b244cfa53d9d2532d368d3a187fbc87c493dcbe@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on issue #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r56eb055b544931451283fee51f7e1f5b8ebd3085fed7d77aaba504c9@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] clintropolis commented on a change in pull request #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r0e3a613705d70950aca2bfe9a6265c87503921852d9a3dbce512ca9f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh closed pull request #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r9871a4215b621c1d09deee5eba97f0f44fde01b4363deb1bed0dd160@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] ccaominh commented on issue #9261: Address CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r47c225db363d1ee2c18c4b3b2f51b63a9789f78c7fa602e5976ecd05@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200127 [GitHub] [druid] jihoonson merged pull request #9259: fix build by updating kafka client to 2.2.2 for CVE-2019-12399", + "url": "https://lists.apache.org/thread.html/r2d390dec5f360ec8aa294bef18e1a4385e2a3698d747209216f5a48b@%3Ccommits.druid.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables." } ] } diff --git a/2019/12xxx/CVE-2019-12406.json b/2019/12xxx/CVE-2019-12406.json index 9065dd7da7a..b5ee7602e7f 100644 --- a/2019/12xxx/CVE-2019-12406.json +++ b/2019/12xxx/CVE-2019-12406.json @@ -48,6 +48,16 @@ "refsource": "CONFIRM", "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc", "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12406.txt.asc" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12415.json b/2019/12xxx/CVE-2019-12415.json index 34c699e4944..338c209a3a2 100644 --- a/2019/12xxx/CVE-2019-12415.json +++ b/2019/12xxx/CVE-2019-12415.json @@ -63,6 +63,11 @@ "refsource": "MLIST", "name": "[tika-user] 20191106 Re: Is tika-parsers exposed to CVE-2019-12415", "url": "https://lists.apache.org/thread.html/d88b8823867033514d7ec05d66f88c70dc207604d3dcbd44fd88464c@%3Cuser.tika.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/12xxx/CVE-2019-12418.json b/2019/12xxx/CVE-2019-12418.json index a6a17b85ddb..580c25fbac4 100644 --- a/2019/12xxx/CVE-2019-12418.json +++ b/2019/12xxx/CVE-2019-12418.json @@ -74,6 +74,16 @@ "refsource": "CONFIRM", "name": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS", "url": "https://support.f5.com/csp/article/K10107360?utm_source=f5support&utm_medium=RSS" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0038", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" } ] }, diff --git a/2019/12xxx/CVE-2019-12419.json b/2019/12xxx/CVE-2019-12419.json index 2330be8ea3c..e4b14798041 100644 --- a/2019/12xxx/CVE-2019-12419.json +++ b/2019/12xxx/CVE-2019-12419.json @@ -48,6 +48,16 @@ "refsource": "CONFIRM", "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc", "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12419.txt.asc" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html", + "url": "https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12420.json b/2019/12xxx/CVE-2019-12420.json index 66e08addc73..c6ec24141ac 100644 --- a/2019/12xxx/CVE-2019-12420.json +++ b/2019/12xxx/CVE-2019-12420.json @@ -93,6 +93,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191216 [SECURITY] [DLA 2037-1] spamassassin security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00019.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4237-1", + "url": "https://usn.ubuntu.com/4237-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4237-2", + "url": "https://usn.ubuntu.com/4237-2/" } ] }, diff --git a/2019/12xxx/CVE-2019-12421.json b/2019/12xxx/CVE-2019-12421.json index 80f8cfbeece..cba56e4545f 100644 --- a/2019/12xxx/CVE-2019-12421.json +++ b/2019/12xxx/CVE-2019-12421.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://nifi.apache.org/security.html#CVE-2019-12421", "url": "https://nifi.apache.org/security.html#CVE-2019-12421" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] }, diff --git a/2019/12xxx/CVE-2019-12423.json b/2019/12xxx/CVE-2019-12423.json index 6fb23b6b8f6..63fdb71ca59 100644 --- a/2019/12xxx/CVE-2019-12423.json +++ b/2019/12xxx/CVE-2019-12423.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-12423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "CXF", + "version": { + "version_data": [ + { + "version_value": "All versions of Apache CXF prior to 3.3.5 and 3.2.12." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200116 [CVE-2019-12423] - Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore", + "url": "https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c@%3Cannounce.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all." } ] } diff --git a/2019/12xxx/CVE-2019-12427.json b/2019/12xxx/CVE-2019-12427.json index ae0e856a559..c897c227e73 100644 --- a/2019/12xxx/CVE-2019-12427.json +++ b/2019/12xxx/CVE-2019-12427.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12427", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12427", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Security_Center" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109174", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109174" } ] } diff --git a/2019/12xxx/CVE-2019-12490.json b/2019/12xxx/CVE-2019-12490.json index a727cc004a6..45ae88d4580 100644 --- a/2019/12xxx/CVE-2019-12490.json +++ b/2019/12xxx/CVE-2019-12490.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12490", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12490", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Simple Machines Forum (SMF) before 2.0.16. Reverse tabnabbing can occur because of use of _blank for external links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.simplemachines.org/community/index.php?topic=570986.0", + "url": "https://www.simplemachines.org/community/index.php?topic=570986.0" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=gCVeFoxZ1DI", + "url": "https://www.youtube.com/watch?v=gCVeFoxZ1DI" } ] } diff --git a/2019/12xxx/CVE-2019-12619.json b/2019/12xxx/CVE-2019-12619.json index a1f78457391..e704aa0aec6 100644 --- a/2019/12xxx/CVE-2019-12619.json +++ b/2019/12xxx/CVE-2019-12619.json @@ -1,18 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2019-12619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN Solution SQL Injection Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web interface for Cisco SD-WAN Solution vManage could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco SD-WAN Solution SQL Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-sqlinj" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-sdwan-sqlinj", + "defect": [ + [ + "CSCvi01888", + "CSCvi56327", + "CSCvi59629" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12629.json b/2019/12xxx/CVE-2019-12629.json index 4a83bc0eddd..8f0a0b43411 100644 --- a/2019/12xxx/CVE-2019-12629.json +++ b/2019/12xxx/CVE-2019-12629.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2019-12629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN vManage Command Injection Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the WebUI of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient input validation of data parameters for certain fields in the affected solution. An attacker could exploit this vulnerability by configuring a malicious username on the login page of the affected solution. A successful exploit could allow the attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco SD-WAN vManage Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-cmd-inject" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-sdwan-cmd-inject", + "defect": [ + [ + "CSCvi70009" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/12xxx/CVE-2019-12814.json b/2019/12xxx/CVE-2019-12814.json index fd8897ee5a1..23b26a60bc9 100644 --- a/2019/12xxx/CVE-2019-12814.json +++ b/2019/12xxx/CVE-2019-12814.json @@ -306,6 +306,16 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/12xxx/CVE-2019-12815.json b/2019/12xxx/CVE-2019-12815.json index 53ab26e5300..a926f37db26 100644 --- a/2019/12xxx/CVE-2019-12815.json +++ b/2019/12xxx/CVE-2019-12815.json @@ -111,6 +111,11 @@ "refsource": "GENTOO", "name": "GLSA-201908-16", "url": "https://security.gentoo.org/glsa/201908-16" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/12xxx/CVE-2019-12838.json b/2019/12xxx/CVE-2019-12838.json index 6bbbd73eafc..86b35a74933 100644 --- a/2019/12xxx/CVE-2019-12838.json +++ b/2019/12xxx/CVE-2019-12838.json @@ -101,6 +101,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2536", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00051.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0085", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html" } ] }, diff --git a/2019/12xxx/CVE-2019-12922.json b/2019/12xxx/CVE-2019-12922.json index dc4af5e8fed..b328978bb08 100644 --- a/2019/12xxx/CVE-2019-12922.json +++ b/2019/12xxx/CVE-2019-12922.json @@ -96,6 +96,11 @@ "refsource": "MISC", "name": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b", "url": "https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } diff --git a/2019/13xxx/CVE-2019-13107.json b/2019/13xxx/CVE-2019-13107.json index 97434ea7e5d..bd0e9e37c90 100644 --- a/2019/13xxx/CVE-2019-13107.json +++ b/2019/13xxx/CVE-2019-13107.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "https://github.com/tbeu/matio/pull/118", "url": "https://github.com/tbeu/matio/pull/118" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a1a2f55fcf", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N7AE25FWDBPC7KLVMPLHT4G64O4GISQQ/" } ] } diff --git a/2019/13xxx/CVE-2019-13117.json b/2019/13xxx/CVE-2019-13117.json index 71e9a71dd90..b7b568bb968 100644 --- a/2019/13xxx/CVE-2019-13117.json +++ b/2019/13xxx/CVE-2019-13117.json @@ -91,6 +91,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2019/13xxx/CVE-2019-13118.json b/2019/13xxx/CVE-2019-13118.json index dd85f0ef476..39e9178b0e6 100644 --- a/2019/13xxx/CVE-2019-13118.json +++ b/2019/13xxx/CVE-2019-13118.json @@ -231,6 +231,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191117 Nokogiri security update v1.10.5", "url": "http://www.openwall.com/lists/oss-security/2019/11/17/2" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2019/13xxx/CVE-2019-13126.json b/2019/13xxx/CVE-2019-13126.json index fc2034fd6f1..55b267640f3 100644 --- a/2019/13xxx/CVE-2019-13126.json +++ b/2019/13xxx/CVE-2019-13126.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An integer overflow in NATS Server 2.0.0 allows a remote attacker to crash the server by sending a crafted request." + "value": "An integer overflow in NATS Server before 2.0.2 allows a remote attacker to crash the server by sending a crafted request. If authentication is enabled, then the remote attacker must have first authenticated." } ] }, @@ -52,15 +52,15 @@ }, "references": { "reference_data": [ - { - "url": "https://github.com/nats-io/nats-server/commits/master", - "refsource": "MISC", - "name": "https://github.com/nats-io/nats-server/commits/master" - }, { "refsource": "MISC", "name": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/", "url": "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/nats-io/nats-server/pull/1053", + "url": "https://github.com/nats-io/nats-server/pull/1053" } ] } diff --git a/2019/13xxx/CVE-2019-13519.json b/2019/13xxx/CVE-2019-13519.json new file mode 100644 index 00000000000..2380caf9374 --- /dev/null +++ b/2019/13xxx/CVE-2019-13519.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13519", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell", + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation Arena Simulation Software", + "version": { + "version_data": [ + { + "version_value": "Versions 16.00.00 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Access of resource using incompatible type ('Type confusion') CWE-843" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-802/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-802/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13521.json b/2019/13xxx/CVE-2019-13521.json new file mode 100644 index 00000000000..684b88d6e1c --- /dev/null +++ b/2019/13xxx/CVE-2019-13521.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13521", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Rockwell", + "product": { + "product_data": [ + { + "product_name": "Rockwell Automation Arena Simulation Software", + "version": { + "version_data": [ + { + "version_value": "Versions 16.00.00 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient UI warning of dangerous operations CWE-357" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-213-05" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-799/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-799/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena Simulation Software to address the reported vulnerabilities." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13524.json b/2019/13xxx/CVE-2019-13524.json new file mode 100644 index 00000000000..8c947c574b1 --- /dev/null +++ b/2019/13xxx/CVE-2019-13524.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13524", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE PACSystems RX3i", + "version": { + "version_data": [ + { + "version_value": "CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU320 All versions(End of Life)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13537.json b/2019/13xxx/CVE-2019-13537.json new file mode 100644 index 00000000000..9022dd4d338 --- /dev/null +++ b/2019/13xxx/CVE-2019-13537.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13537", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "AVEVA", + "product": { + "product_data": [ + { + "product_name": "Vijeo Citect and Citect SCADA", + "version": { + "version_data": [ + { + "version_value": "IEC870IP driver v4.14.02 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-19-290-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-19-290-01" + }, + { + "refsource": "CONFIRM", + "name": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec139.pdf", + "url": "https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec139.pdf" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The IEC870IP driver for AVEVA\u2019s Vijeo Citect and Citect SCADA and Schneider Electric\u2019s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13616.json b/2019/13xxx/CVE-2019-13616.json index 8cd005d9447..9d81fbcd882 100644 --- a/2019/13xxx/CVE-2019-13616.json +++ b/2019/13xxx/CVE-2019-13616.json @@ -116,6 +116,16 @@ "refsource": "REDHAT", "name": "RHSA-2019:3951", "url": "https://access.redhat.com/errata/RHSA-2019:3951" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:3950", + "url": "https://access.redhat.com/errata/RHSA-2019:3950" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/13xxx/CVE-2019-13618.json b/2019/13xxx/CVE-2019-13618.json index b7cdfcf3e2f..f4579373053 100644 --- a/2019/13xxx/CVE-2019-13618.json +++ b/2019/13xxx/CVE-2019-13618.json @@ -61,6 +61,11 @@ "url": "https://github.com/gpac/gpac/compare/440d475...6b4ab40", "refsource": "MISC", "name": "https://github.com/gpac/gpac/compare/440d475...6b4ab40" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/13xxx/CVE-2019-13627.json b/2019/13xxx/CVE-2019-13627.json index 494e630794f..2850b56afa0 100644 --- a/2019/13xxx/CVE-2019-13627.json +++ b/2019/13xxx/CVE-2019-13627.json @@ -86,6 +86,21 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20200101 [SECURITY] [DLA 1931-2] libgcrypt20 regression update", "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4236-1", + "url": "https://usn.ubuntu.com/4236-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0022", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00018.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4236-2", + "url": "https://usn.ubuntu.com/4236-2/" } ] } diff --git a/2019/13xxx/CVE-2019-13699.json b/2019/13xxx/CVE-2019-13699.json index b1b7aa7eee0..0f7365d70fc 100644 --- a/2019/13xxx/CVE-2019-13699.json +++ b/2019/13xxx/CVE-2019-13699.json @@ -54,6 +54,11 @@ "url": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html", "refsource": "MISC", "name": "https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13700.json b/2019/13xxx/CVE-2019-13700.json index f27f4641d64..fba0def4614 100644 --- a/2019/13xxx/CVE-2019-13700.json +++ b/2019/13xxx/CVE-2019-13700.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/998431", "refsource": "MISC", "name": "https://crbug.com/998431" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13701.json b/2019/13xxx/CVE-2019-13701.json index b0315adfaf9..8eebb0a0ad9 100644 --- a/2019/13xxx/CVE-2019-13701.json +++ b/2019/13xxx/CVE-2019-13701.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/998284", "refsource": "MISC", "name": "https://crbug.com/998284" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13702.json b/2019/13xxx/CVE-2019-13702.json index 6b9e698012c..11cdf890e06 100644 --- a/2019/13xxx/CVE-2019-13702.json +++ b/2019/13xxx/CVE-2019-13702.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/991125", "refsource": "MISC", "name": "https://crbug.com/991125" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13703.json b/2019/13xxx/CVE-2019-13703.json index e99ba887f74..72be54cfd12 100644 --- a/2019/13xxx/CVE-2019-13703.json +++ b/2019/13xxx/CVE-2019-13703.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/992838", "refsource": "MISC", "name": "https://crbug.com/992838" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13704.json b/2019/13xxx/CVE-2019-13704.json index aa47a94327f..581ed1a622c 100644 --- a/2019/13xxx/CVE-2019-13704.json +++ b/2019/13xxx/CVE-2019-13704.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1001283", "refsource": "MISC", "name": "https://crbug.com/1001283" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13705.json b/2019/13xxx/CVE-2019-13705.json index 78114239481..8c07e01772c 100644 --- a/2019/13xxx/CVE-2019-13705.json +++ b/2019/13xxx/CVE-2019-13705.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/989078", "refsource": "MISC", "name": "https://crbug.com/989078" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13706.json b/2019/13xxx/CVE-2019-13706.json index 6dd57c2d012..4501e3e84a1 100644 --- a/2019/13xxx/CVE-2019-13706.json +++ b/2019/13xxx/CVE-2019-13706.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1001159", "refsource": "MISC", "name": "https://crbug.com/1001159" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13707.json b/2019/13xxx/CVE-2019-13707.json index c3a1dc3761d..7a23a961f90 100644 --- a/2019/13xxx/CVE-2019-13707.json +++ b/2019/13xxx/CVE-2019-13707.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/859349", "refsource": "MISC", "name": "https://crbug.com/859349" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13708.json b/2019/13xxx/CVE-2019-13708.json index 8efadfca7ba..90c69877157 100644 --- a/2019/13xxx/CVE-2019-13708.json +++ b/2019/13xxx/CVE-2019-13708.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/931894", "refsource": "MISC", "name": "https://crbug.com/931894" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13709.json b/2019/13xxx/CVE-2019-13709.json index cb252aa6cf8..a13208e0ed9 100644 --- a/2019/13xxx/CVE-2019-13709.json +++ b/2019/13xxx/CVE-2019-13709.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1005218", "refsource": "MISC", "name": "https://crbug.com/1005218" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13710.json b/2019/13xxx/CVE-2019-13710.json index 0b22568fe70..cb13e282b91 100644 --- a/2019/13xxx/CVE-2019-13710.json +++ b/2019/13xxx/CVE-2019-13710.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/756825", "refsource": "MISC", "name": "https://crbug.com/756825" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13711.json b/2019/13xxx/CVE-2019-13711.json index 0a40d7a1a81..abfa902f5af 100644 --- a/2019/13xxx/CVE-2019-13711.json +++ b/2019/13xxx/CVE-2019-13711.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/986063", "refsource": "MISC", "name": "https://crbug.com/986063" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13713.json b/2019/13xxx/CVE-2019-13713.json index a65f2036671..96ce57c10c4 100644 --- a/2019/13xxx/CVE-2019-13713.json +++ b/2019/13xxx/CVE-2019-13713.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/993288", "refsource": "MISC", "name": "https://crbug.com/993288" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13714.json b/2019/13xxx/CVE-2019-13714.json index 098eddc8745..f8a4e897205 100644 --- a/2019/13xxx/CVE-2019-13714.json +++ b/2019/13xxx/CVE-2019-13714.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/982812", "refsource": "MISC", "name": "https://crbug.com/982812" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13715.json b/2019/13xxx/CVE-2019-13715.json index 203cb9bb5b6..99a54c6ad1e 100644 --- a/2019/13xxx/CVE-2019-13715.json +++ b/2019/13xxx/CVE-2019-13715.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/760855", "refsource": "MISC", "name": "https://crbug.com/760855" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13716.json b/2019/13xxx/CVE-2019-13716.json index 0d646d8783a..8583e1f0e74 100644 --- a/2019/13xxx/CVE-2019-13716.json +++ b/2019/13xxx/CVE-2019-13716.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/1005948", "refsource": "MISC", "name": "https://crbug.com/1005948" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13717.json b/2019/13xxx/CVE-2019-13717.json index f8ae5aaa8cf..2a77dae702d 100644 --- a/2019/13xxx/CVE-2019-13717.json +++ b/2019/13xxx/CVE-2019-13717.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/839239", "refsource": "MISC", "name": "https://crbug.com/839239" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13718.json b/2019/13xxx/CVE-2019-13718.json index e5f3183062c..26f642241fd 100644 --- a/2019/13xxx/CVE-2019-13718.json +++ b/2019/13xxx/CVE-2019-13718.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/866162", "refsource": "MISC", "name": "https://crbug.com/866162" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13719.json b/2019/13xxx/CVE-2019-13719.json index 2b0ef7ce237..2ebe0d96bc1 100644 --- a/2019/13xxx/CVE-2019-13719.json +++ b/2019/13xxx/CVE-2019-13719.json @@ -54,6 +54,11 @@ "url": "https://crbug.com/927150", "refsource": "MISC", "name": "https://crbug.com/927150" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" } ] }, diff --git a/2019/13xxx/CVE-2019-13722.json b/2019/13xxx/CVE-2019-13722.json new file mode 100644 index 00000000000..f9d3ef3b0b7 --- /dev/null +++ b/2019/13xxx/CVE-2019-13722.json @@ -0,0 +1,68 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13722", + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "79.0.3945.79", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html" + }, + { + "url": "https://crbug.com/1025089", + "refsource": "MISC", + "name": "https://crbug.com/1025089" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." + } + ] + } +} diff --git a/2019/13xxx/CVE-2019-13725.json b/2019/13xxx/CVE-2019-13725.json index e7c96c26435..16a43184f67 100644 --- a/2019/13xxx/CVE-2019-13725.json +++ b/2019/13xxx/CVE-2019-13725.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13726.json b/2019/13xxx/CVE-2019-13726.json index 942c52b697e..df796d4c41e 100644 --- a/2019/13xxx/CVE-2019-13726.json +++ b/2019/13xxx/CVE-2019-13726.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13727.json b/2019/13xxx/CVE-2019-13727.json index 74f24951fc7..87bc23523b3 100644 --- a/2019/13xxx/CVE-2019-13727.json +++ b/2019/13xxx/CVE-2019-13727.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13728.json b/2019/13xxx/CVE-2019-13728.json index 7440141299e..b6afa0dba09 100644 --- a/2019/13xxx/CVE-2019-13728.json +++ b/2019/13xxx/CVE-2019-13728.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13729.json b/2019/13xxx/CVE-2019-13729.json index e44ec606fa6..d1cc2c82711 100644 --- a/2019/13xxx/CVE-2019-13729.json +++ b/2019/13xxx/CVE-2019-13729.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13730.json b/2019/13xxx/CVE-2019-13730.json index c5970bd4b7c..f957d756e80 100644 --- a/2019/13xxx/CVE-2019-13730.json +++ b/2019/13xxx/CVE-2019-13730.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13732.json b/2019/13xxx/CVE-2019-13732.json index 211a4105cd6..80482add2bc 100644 --- a/2019/13xxx/CVE-2019-13732.json +++ b/2019/13xxx/CVE-2019-13732.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13734.json b/2019/13xxx/CVE-2019-13734.json index 9741e46255a..775b709fcbf 100644 --- a/2019/13xxx/CVE-2019-13734.json +++ b/2019/13xxx/CVE-2019-13734.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13735.json b/2019/13xxx/CVE-2019-13735.json index f23ba985e89..9271f39466f 100644 --- a/2019/13xxx/CVE-2019-13735.json +++ b/2019/13xxx/CVE-2019-13735.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13736.json b/2019/13xxx/CVE-2019-13736.json index b9ced606afa..ac55f651ead 100644 --- a/2019/13xxx/CVE-2019-13736.json +++ b/2019/13xxx/CVE-2019-13736.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13737.json b/2019/13xxx/CVE-2019-13737.json index c55479d1a52..6a750f11537 100644 --- a/2019/13xxx/CVE-2019-13737.json +++ b/2019/13xxx/CVE-2019-13737.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13738.json b/2019/13xxx/CVE-2019-13738.json index bcd71623e11..c869cfd9ade 100644 --- a/2019/13xxx/CVE-2019-13738.json +++ b/2019/13xxx/CVE-2019-13738.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13739.json b/2019/13xxx/CVE-2019-13739.json index 12f3c33a0fa..c6144d58682 100644 --- a/2019/13xxx/CVE-2019-13739.json +++ b/2019/13xxx/CVE-2019-13739.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13740.json b/2019/13xxx/CVE-2019-13740.json index 781063fda6d..5b49dd76439 100644 --- a/2019/13xxx/CVE-2019-13740.json +++ b/2019/13xxx/CVE-2019-13740.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13741.json b/2019/13xxx/CVE-2019-13741.json index 68e4339cb6e..8a7b272fde5 100644 --- a/2019/13xxx/CVE-2019-13741.json +++ b/2019/13xxx/CVE-2019-13741.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13742.json b/2019/13xxx/CVE-2019-13742.json index 1ac8839d8d2..6b2cbb227ec 100644 --- a/2019/13xxx/CVE-2019-13742.json +++ b/2019/13xxx/CVE-2019-13742.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13743.json b/2019/13xxx/CVE-2019-13743.json index 7eb57a6f214..8608ebe5c96 100644 --- a/2019/13xxx/CVE-2019-13743.json +++ b/2019/13xxx/CVE-2019-13743.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13744.json b/2019/13xxx/CVE-2019-13744.json index 910a3aeeb06..f85071ec2f6 100644 --- a/2019/13xxx/CVE-2019-13744.json +++ b/2019/13xxx/CVE-2019-13744.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13745.json b/2019/13xxx/CVE-2019-13745.json index 7393e4d408d..6042d6d525e 100644 --- a/2019/13xxx/CVE-2019-13745.json +++ b/2019/13xxx/CVE-2019-13745.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13746.json b/2019/13xxx/CVE-2019-13746.json index 5bad199d1ff..097991c8027 100644 --- a/2019/13xxx/CVE-2019-13746.json +++ b/2019/13xxx/CVE-2019-13746.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13747.json b/2019/13xxx/CVE-2019-13747.json index 959794f6214..bb8d2a5564c 100644 --- a/2019/13xxx/CVE-2019-13747.json +++ b/2019/13xxx/CVE-2019-13747.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13748.json b/2019/13xxx/CVE-2019-13748.json index c12543b9840..f871619cabd 100644 --- a/2019/13xxx/CVE-2019-13748.json +++ b/2019/13xxx/CVE-2019-13748.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13749.json b/2019/13xxx/CVE-2019-13749.json index f081cf5f378..436d6e67f49 100644 --- a/2019/13xxx/CVE-2019-13749.json +++ b/2019/13xxx/CVE-2019-13749.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13750.json b/2019/13xxx/CVE-2019-13750.json index 4cc45a03d49..dc9b759193c 100644 --- a/2019/13xxx/CVE-2019-13750.json +++ b/2019/13xxx/CVE-2019-13750.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13751.json b/2019/13xxx/CVE-2019-13751.json index 3c5d43c345a..edd00762e89 100644 --- a/2019/13xxx/CVE-2019-13751.json +++ b/2019/13xxx/CVE-2019-13751.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13752.json b/2019/13xxx/CVE-2019-13752.json index 8beca7b1be7..cac068e03eb 100644 --- a/2019/13xxx/CVE-2019-13752.json +++ b/2019/13xxx/CVE-2019-13752.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13753.json b/2019/13xxx/CVE-2019-13753.json index 1c53e8cfa2b..db7d31993ff 100644 --- a/2019/13xxx/CVE-2019-13753.json +++ b/2019/13xxx/CVE-2019-13753.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13754.json b/2019/13xxx/CVE-2019-13754.json index 54c9a9052f8..e9b22b56227 100644 --- a/2019/13xxx/CVE-2019-13754.json +++ b/2019/13xxx/CVE-2019-13754.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13755.json b/2019/13xxx/CVE-2019-13755.json index 26a33102892..d41bb69371e 100644 --- a/2019/13xxx/CVE-2019-13755.json +++ b/2019/13xxx/CVE-2019-13755.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13756.json b/2019/13xxx/CVE-2019-13756.json index dba43f55065..5dc723bc96e 100644 --- a/2019/13xxx/CVE-2019-13756.json +++ b/2019/13xxx/CVE-2019-13756.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13757.json b/2019/13xxx/CVE-2019-13757.json index 899b6c51250..c8fec6e6ba4 100644 --- a/2019/13xxx/CVE-2019-13757.json +++ b/2019/13xxx/CVE-2019-13757.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13758.json b/2019/13xxx/CVE-2019-13758.json index 2b52c3829fd..3ee5742bfcd 100644 --- a/2019/13xxx/CVE-2019-13758.json +++ b/2019/13xxx/CVE-2019-13758.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13759.json b/2019/13xxx/CVE-2019-13759.json index fb691b12757..d049432dbd7 100644 --- a/2019/13xxx/CVE-2019-13759.json +++ b/2019/13xxx/CVE-2019-13759.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13761.json b/2019/13xxx/CVE-2019-13761.json index b66349dbe0a..2bf751c339e 100644 --- a/2019/13xxx/CVE-2019-13761.json +++ b/2019/13xxx/CVE-2019-13761.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13762.json b/2019/13xxx/CVE-2019-13762.json index f45562ee8c0..71614f0e43e 100644 --- a/2019/13xxx/CVE-2019-13762.json +++ b/2019/13xxx/CVE-2019-13762.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13763.json b/2019/13xxx/CVE-2019-13763.json index 20bd2fe117f..753ee2b9807 100644 --- a/2019/13xxx/CVE-2019-13763.json +++ b/2019/13xxx/CVE-2019-13763.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13764.json b/2019/13xxx/CVE-2019-13764.json index fe507925e24..eb9239db2b7 100644 --- a/2019/13xxx/CVE-2019-13764.json +++ b/2019/13xxx/CVE-2019-13764.json @@ -74,6 +74,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2694", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" } ] }, diff --git a/2019/13xxx/CVE-2019-13767.json b/2019/13xxx/CVE-2019-13767.json new file mode 100644 index 00000000000..4b4ca849514 --- /dev/null +++ b/2019/13xxx/CVE-2019-13767.json @@ -0,0 +1,88 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-13767", + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "79.0.3945.88", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1031653", + "refsource": "MISC", + "name": "https://crbug.com/1031653" + }, + { + "url": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0007", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00005.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free in media picker in Google Chrome prior to 79.0.3945.88 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13921.json b/2019/13xxx/CVE-2019-13921.json index 593025f5fe4..e3acf116257 100644 --- a/2019/13xxx/CVE-2019-13921.json +++ b/2019/13xxx/CVE-2019-13921.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < SP3 Update 1" } ] } @@ -42,20 +42,20 @@ } ] }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf" - } - ] - }, "description": { "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in SIMATIC WinAC RTX (F) 2010 (All versions < SP3 Update 1). Affected versions of the software contain a vulnerability that could allow an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large HTTP request is sent to the executing service. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the service provided by the software." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf" } ] } diff --git a/2019/13xxx/CVE-2019-13933.json b/2019/13xxx/CVE-2019-13933.json new file mode 100644 index 00000000000..efe0452797c --- /dev/null +++ b/2019/13xxx/CVE-2019-13933.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-13933", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_version": "4.0", + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SCALANCE X-200RNA switch family", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", + "version": { + "version_data": [ + { + "version_value": "All versions < V4.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306: Missing Authentication for Critical Function" + } + ] + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3). Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending GET request to specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-443566.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-03" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13939.json b/2019/13xxx/CVE-2019-13939.json new file mode 100644 index 00000000000..e26a1efee1d --- /dev/null +++ b/2019/13xxx/CVE-2019-13939.json @@ -0,0 +1,112 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-13939", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "Nucleus NET", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus RTOS", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus ReadyStart for ARM, MIPS, and PPC", + "version": { + "version_data": [ + { + "version_value": "All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"" + } + ] + } + }, + { + "product_name": "Nucleus SafetyCert", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "Nucleus Source Code", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "VSTAR", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-840: Business Logic Errors" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-434032.pdf" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch \"Nucleus 2017.02.02 Nucleus NET Patch\"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), VSTAR (All versions). By sending specially crafted DHCP packets to a device, an attacker may be able to affect availability and integrity of the device. Adjacent network access, but no authentication and no user interaction is needed to conduct this attack. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13942.json b/2019/13xxx/CVE-2019-13942.json index 43e51498163..a1ee7fa6143 100644 --- a/2019/13xxx/CVE-2019-13942.json +++ b/2019/13xxx/CVE-2019-13942.json @@ -93,9 +93,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" }, { "refsource": "MISC", diff --git a/2019/13xxx/CVE-2019-13943.json b/2019/13xxx/CVE-2019-13943.json index f4a28f615c3..37abdcda4a8 100644 --- a/2019/13xxx/CVE-2019-13943.json +++ b/2019/13xxx/CVE-2019-13943.json @@ -93,9 +93,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" }, { "refsource": "MISC", diff --git a/2019/13xxx/CVE-2019-13944.json b/2019/13xxx/CVE-2019-13944.json index 7a102c0693f..547215e0611 100644 --- a/2019/13xxx/CVE-2019-13944.json +++ b/2019/13xxx/CVE-2019-13944.json @@ -93,9 +93,9 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", - "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", - "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" + "refsource": "MISC", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-418979.pdf" }, { "refsource": "MISC", diff --git a/2019/14xxx/CVE-2019-14003.json b/2019/14xxx/CVE-2019-14003.json new file mode 100644 index 00000000000..33841f279aa --- /dev/null +++ b/2019/14xxx/CVE-2019-14003.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14004.json b/2019/14xxx/CVE-2019-14004.json new file mode 100644 index 00000000000..68470f467b6 --- /dev/null +++ b/2019/14xxx/CVE-2019-14004.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14004", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14005.json b/2019/14xxx/CVE-2019-14005.json new file mode 100644 index 00000000000..ec4032ad1b5 --- /dev/null +++ b/2019/14xxx/CVE-2019-14005.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14006.json b/2019/14xxx/CVE-2019-14006.json new file mode 100644 index 00000000000..e42c15e00b4 --- /dev/null +++ b/2019/14xxx/CVE-2019-14006.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow occur while playing the clip which is nonstandard due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14008.json b/2019/14xxx/CVE-2019-14008.json new file mode 100644 index 00000000000..2940078c58d --- /dev/null +++ b/2019/14xxx/CVE-2019-14008.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14008", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9607, MDM9650, SDM660, SDM845, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Null Pointer Dereference Issue in GPS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14010.json b/2019/14xxx/CVE-2019-14010.json new file mode 100644 index 00000000000..b715e618f10 --- /dev/null +++ b/2019/14xxx/CVE-2019-14010.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", + "version": { + "version_data": [ + { + "version_value": "MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which happens to be at same physical address in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation in Audio" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14013.json b/2019/14xxx/CVE-2019-14013.json new file mode 100644 index 00000000000..951ed663c0c --- /dev/null +++ b/2019/14xxx/CVE-2019-14013.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14014.json b/2019/14xxx/CVE-2019-14014.json new file mode 100644 index 00000000000..9aa029730d7 --- /dev/null +++ b/2019/14xxx/CVE-2019-14014.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14016.json b/2019/14xxx/CVE-2019-14016.json new file mode 100644 index 00000000000..9aff596e62a --- /dev/null +++ b/2019/14xxx/CVE-2019-14016.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14016", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Integer Overflow to Buffer Overflow in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14017.json b/2019/14xxx/CVE-2019-14017.json new file mode 100644 index 00000000000..23cc1a3b338 --- /dev/null +++ b/2019/14xxx/CVE-2019-14017.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap buffer overflow can occur while parsing invalid MKV clip which is not standard and have invalid vorbis codec data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in Video" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14023.json b/2019/14xxx/CVE-2019-14023.json new file mode 100644 index 00000000000..f9572aefb06 --- /dev/null +++ b/2019/14xxx/CVE-2019-14023.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", + "version": { + "version_data": [ + { + "version_value": "MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "String format issue will occur while processing HLOS data as there is no user input validation to ensure inputs are properly NULL terminated before string copy in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, Rennell, SA6155P, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "String format Issue in HLOS Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14024.json b/2019/14xxx/CVE-2019-14024.json new file mode 100644 index 00000000000..697f4c4760d --- /dev/null +++ b/2019/14xxx/CVE-2019-14024.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14024", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible stack-use-after-scope issue in NFC usecase for card emulation in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8917, MSM8953, Nicobar, QM215, Rennell, SDM429, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in NFC Module" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14034.json b/2019/14xxx/CVE-2019-14034.json new file mode 100644 index 00000000000..1e46f2ee75b --- /dev/null +++ b/2019/14xxx/CVE-2019-14034.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", + "version": { + "version_data": [ + { + "version_value": "APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use after free while processing eeprom query as there is a chance to not unlock mutex after error occurs in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, MSM8909W, MSM8917, MSM8953, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free Issue in Multimedia" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14036.json b/2019/14xxx/CVE-2019-14036.json new file mode 100644 index 00000000000..ea8b240554a --- /dev/null +++ b/2019/14xxx/CVE-2019-14036.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-14036", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking", + "version": { + "version_data": [ + { + "version_value": "APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Possible buffer overflow issue in error processing due to improper validation of array index value in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8064, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MDM9615, MDM9640, MSM8996AU, QCN7605" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Validation of Array Index in WLAN Host" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14275.json b/2019/14xxx/CVE-2019-14275.json index 3fb81fdf181..63f4452a7cb 100644 --- a/2019/14xxx/CVE-2019-14275.json +++ b/2019/14xxx/CVE-2019-14275.json @@ -56,6 +56,11 @@ "url": "https://sourceforge.net/p/mcj/tickets/52/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/52/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html" } ] } diff --git a/2019/14xxx/CVE-2019-14287.json b/2019/14xxx/CVE-2019-14287.json index 87617d5ddbb..679a8b44cd9 100644 --- a/2019/14xxx/CVE-2019-14287.json +++ b/2019/14xxx/CVE-2019-14287.json @@ -216,6 +216,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4191", "url": "https://access.redhat.com/errata/RHSA-2019:4191" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us" } ] } diff --git a/2019/14xxx/CVE-2019-14301.json b/2019/14xxx/CVE-2019-14301.json new file mode 100644 index 00000000000..33069f8d991 --- /dev/null +++ b/2019/14xxx/CVE-2019-14301.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14302.json b/2019/14xxx/CVE-2019-14302.json new file mode 100644 index 00000000000..a1751153ef2 --- /dev/null +++ b/2019/14xxx/CVE-2019-14302.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Ricoh SP C250DN 1.06 devices, a debug port can be used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14304.json b/2019/14xxx/CVE-2019-14304.json new file mode 100644 index 00000000000..3f5ef493859 --- /dev/null +++ b/2019/14xxx/CVE-2019-14304.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14304", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.06 devices allow CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14306.json b/2019/14xxx/CVE-2019-14306.json new file mode 100644 index 00000000000..91d49bf6506 --- /dev/null +++ b/2019/14xxx/CVE-2019-14306.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14306", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 2 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2019/0823_1/", + "url": "https://www.ricoh.com/info/2019/0823_1/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14379.json b/2019/14xxx/CVE-2019-14379.json index 45c83e7656f..de864261744 100644 --- a/2019/14xxx/CVE-2019-14379.json +++ b/2019/14xxx/CVE-2019-14379.json @@ -296,6 +296,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3901", "url": "https://access.redhat.com/errata/RHSA-2019:3901" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/14xxx/CVE-2019-14439.json b/2019/14xxx/CVE-2019-14439.json index 1218dc01aa7..89c9fe25eee 100644 --- a/2019/14xxx/CVE-2019-14439.json +++ b/2019/14xxx/CVE-2019-14439.json @@ -176,6 +176,16 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/14xxx/CVE-2019-14540.json b/2019/14xxx/CVE-2019-14540.json index bdd8df4e213..5c0a6ac946e 100644 --- a/2019/14xxx/CVE-2019-14540.json +++ b/2019/14xxx/CVE-2019-14540.json @@ -161,6 +161,36 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/14xxx/CVE-2019-14596.json b/2019/14xxx/CVE-2019-14596.json new file mode 100644 index 00000000000..4ed679ce8fa --- /dev/null +++ b/2019/14xxx/CVE-2019-14596.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14596", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Chipset Device Software INF Utility", + "version": { + "version_data": [ + { + "version_value": "before version 10.1.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00306.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in the installer for Intel(R) Chipset Device Software INF Utility before version 10.1.18 may allow an authenticated user to potentially enable denial of service via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14600.json b/2019/14xxx/CVE-2019-14600.json new file mode 100644 index 00000000000..1d348667fb2 --- /dev/null +++ b/2019/14xxx/CVE-2019-14600.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14600", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) SNMP Subagent Stand-Alone for Windows*", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00300.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00300.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14601.json b/2019/14xxx/CVE-2019-14601.json new file mode 100644 index 00000000000..ca1848306e3 --- /dev/null +++ b/2019/14xxx/CVE-2019-14601.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14601", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) RWC 3 for Windows", + "version": { + "version_data": [ + { + "version_value": "before version 7.010.009.000" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00308.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00308.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14613.json b/2019/14xxx/CVE-2019-14613.json new file mode 100644 index 00000000000..239d6e0584e --- /dev/null +++ b/2019/14xxx/CVE-2019-14613.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14613", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) VTune(TM) Amplifier for Windows*", + "version": { + "version_data": [ + { + "version_value": "before update 8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "escalation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00325.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00325.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14615.json b/2019/14xxx/CVE-2019-14615.json new file mode 100644 index 00000000000..40f8ddbfeb1 --- /dev/null +++ b/2019/14xxx/CVE-2019-14615.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14615", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "various" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00314.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14629.json b/2019/14xxx/CVE-2019-14629.json new file mode 100644 index 00000000000..a9bd4070c34 --- /dev/null +++ b/2019/14xxx/CVE-2019-14629.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14629", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) DAAL", + "version": { + "version_data": [ + { + "version_value": "before version 2020 Gold" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00332.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00332.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14765.json b/2019/14xxx/CVE-2019-14765.json new file mode 100644 index 00000000000..d8ea1ee6ee0 --- /dev/null +++ b/2019/14xxx/CVE-2019-14765.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14765", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14766.json b/2019/14xxx/CVE-2019-14766.json new file mode 100644 index 00000000000..fdbc613d9d4 --- /dev/null +++ b/2019/14xxx/CVE-2019-14766.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to browse the server filesystem." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14767.json b/2019/14xxx/CVE-2019-14767.json new file mode 100644 index 00000000000..ceb87108dff --- /dev/null +++ b/2019/14xxx/CVE-2019-14767.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14767", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence (dossier=../) and servletrecuperefichier (document=../) allows an unauthenticated user to download arbitrary files from the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "url": "https://www.elysium-security.com/sitemap.php", + "refsource": "MISC", + "name": "https://www.elysium-security.com/sitemap.php" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14768.json b/2019/14xxx/CVE-2019-14768.json new file mode 100644 index 00000000000..3096f4c72f8 --- /dev/null +++ b/2019/14xxx/CVE-2019-14768.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Arbitrary File Upload issue in the file browser of DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to deploy a new WebApp WAR file to the Tomcat server via Path Traversal, allowing remote code execution with SYSTEM privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.dimo-crm.fr/blog-crm/", + "refsource": "MISC", + "name": "https://www.dimo-crm.fr/blog-crm/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305", + "url": "https://gist.github.com/sm0k/5de26614282669b0bcfa719b87c17305" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14814.json b/2019/14xxx/CVE-2019-14814.json index 6b799537ddb..463694d1504 100644 --- a/2019/14xxx/CVE-2019-14814.json +++ b/2019/14xxx/CVE-2019-14814.json @@ -143,6 +143,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/14xxx/CVE-2019-14815.json b/2019/14xxx/CVE-2019-14815.json index 111b9a27016..5df82204726 100644 --- a/2019/14xxx/CVE-2019-14815.json +++ b/2019/14xxx/CVE-2019-14815.json @@ -73,6 +73,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/14xxx/CVE-2019-14816.json b/2019/14xxx/CVE-2019-14816.json index 281eca329c5..a0b9a730917 100644 --- a/2019/14xxx/CVE-2019-14816.json +++ b/2019/14xxx/CVE-2019-14816.json @@ -143,6 +143,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/14xxx/CVE-2019-14818.json b/2019/14xxx/CVE-2019-14818.json index 2e8bd5c0352..8771ec65447 100644 --- a/2019/14xxx/CVE-2019-14818.json +++ b/2019/14xxx/CVE-2019-14818.json @@ -67,6 +67,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-019df9a459", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULJ3C7OVBOEVDGSHYC3VCLSUHANGTFFP/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0166", + "url": "https://access.redhat.com/errata/RHSA-2020:0166" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0165", + "url": "https://access.redhat.com/errata/RHSA-2020:0165" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0168", + "url": "https://access.redhat.com/errata/RHSA-2020:0168" } ] }, diff --git a/2019/14xxx/CVE-2019-14835.json b/2019/14xxx/CVE-2019-14835.json index 2529a04bbed..c0471de6e3c 100644 --- a/2019/14xxx/CVE-2019-14835.json +++ b/2019/14xxx/CVE-2019-14835.json @@ -238,6 +238,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-qemu-en" } ] }, diff --git a/2019/14xxx/CVE-2019-14885.json b/2019/14xxx/CVE-2019-14885.json new file mode 100644 index 00000000000..a781b376573 --- /dev/null +++ b/2019/14xxx/CVE-2019-14885.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14885", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "JBoss EAP", + "version": { + "version_data": [ + { + "version_value": "All versions before 7.2.6.GA" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14885", + "refsource": "CONFIRM" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14888.json b/2019/14xxx/CVE-2019-14888.json new file mode 100644 index 00000000000..3407994e330 --- /dev/null +++ b/2019/14xxx/CVE-2019-14888.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14888", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "undertow", + "version": { + "version_data": [ + { + "version_value": "All versions before 2.0.28.SP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14888", + "refsource": "CONFIRM" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14889.json b/2019/14xxx/CVE-2019-14889.json index 0229b901361..58d4f553756 100644 --- a/2019/14xxx/CVE-2019-14889.json +++ b/2019/14xxx/CVE-2019-14889.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-46b6bd2459", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EV2ONSPDJCTDVORCB4UGRQUZQQ46JHRN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0102", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00047.html" } ] }, diff --git a/2019/14xxx/CVE-2019-14895.json b/2019/14xxx/CVE-2019-14895.json index 3c3b4a75565..a87e213a852 100644 --- a/2019/14xxx/CVE-2019-14895.json +++ b/2019/14xxx/CVE-2019-14895.json @@ -103,6 +103,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] }, diff --git a/2019/14xxx/CVE-2019-14896.json b/2019/14xxx/CVE-2019-14896.json index b6c8d169546..e6e4db9f26f 100644 --- a/2019/14xxx/CVE-2019-14896.json +++ b/2019/14xxx/CVE-2019-14896.json @@ -98,6 +98,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] }, diff --git a/2019/14xxx/CVE-2019-14897.json b/2019/14xxx/CVE-2019-14897.json index a64bdbf7888..83e294e0b0d 100644 --- a/2019/14xxx/CVE-2019-14897.json +++ b/2019/14xxx/CVE-2019-14897.json @@ -93,6 +93,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] }, diff --git a/2019/14xxx/CVE-2019-14901.json b/2019/14xxx/CVE-2019-14901.json index b101e3af82c..c515540f1e0 100644 --- a/2019/14xxx/CVE-2019-14901.json +++ b/2019/14xxx/CVE-2019-14901.json @@ -106,6 +106,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html", "url": "http://packetstormsecurity.com/files/155879/Kernel-Live-Patch-Security-Notice-LSN-0061-1.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] }, diff --git a/2019/14xxx/CVE-2019-14902.json b/2019/14xxx/CVE-2019-14902.json new file mode 100644 index 00000000000..11f76d16c42 --- /dev/null +++ b/2019/14xxx/CVE-2019-14902.json @@ -0,0 +1,98 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14902", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[UNKNOWN]", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "all samba 4.11.x versions before 4.11.5" + }, + { + "version_value": "all samba 4.10.x versions before 4.10.12" + }, + { + "version_value": "all samba 4.9.x versions before 4.9.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.samba.org/samba/security/CVE-2019-14902.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-14902.html" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", + "refsource": "CONFIRM" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_20_01", + "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" + }, + { + "refsource": "UBUNTU", + "name": "USN-4244-1", + "url": "https://usn.ubuntu.com/4244-1/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14907.json b/2019/14xxx/CVE-2019-14907.json new file mode 100644 index 00000000000..702cad0865c --- /dev/null +++ b/2019/14xxx/CVE-2019-14907.json @@ -0,0 +1,98 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14907", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "All versions 4.11.x before 4.11.5" + }, + { + "version_value": "All versions 4.10.x before 4.10.12" + }, + { + "version_value": "All versions 4.9.x before 4.9.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14907", + "refsource": "CONFIRM" + }, + { + "url": "https://www.samba.org/samba/security/CVE-2019-14907.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-14907.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_20_01", + "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" + }, + { + "refsource": "UBUNTU", + "name": "USN-4244-1", + "url": "https://usn.ubuntu.com/4244-1/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with \"log level = 3\" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless)." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14973.json b/2019/14xxx/CVE-2019-14973.json index 6ca3bf6e09d..1d095df7c9a 100644 --- a/2019/14xxx/CVE-2019-14973.json +++ b/2019/14xxx/CVE-2019-14973.json @@ -81,6 +81,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-e45019c690", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63BVT6N5KQPHWOWM4B3I7Z3ODBXUVNPS/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", + "url": "https://seclists.org/bugtraq/2020/Jan/32" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4608", + "url": "https://www.debian.org/security/2020/dsa-4608" } ] } diff --git a/2019/15xxx/CVE-2019-15006.json b/2019/15xxx/CVE-2019-15006.json index 381316e76e1..f8481548792 100644 --- a/2019/15xxx/CVE-2019-15006.json +++ b/2019/15xxx/CVE-2019-15006.json @@ -117,4 +117,4 @@ } ] } -} \ No newline at end of file +} diff --git a/2019/15xxx/CVE-2019-15010.json b/2019/15xxx/CVE-2019-15010.json new file mode 100644 index 00000000000..b2325248f9f --- /dev/null +++ b/2019/15xxx/CVE-2019-15010.json @@ -0,0 +1,243 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-01-15T10:00:00", + "ID": "CVE-2019-15010", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Bitbucket Data Center", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bitbucket Server and Bitbucket Data Center versions starting from version 3.0.0 before version 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, and from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via certain user input fields. A remote attacker with user level permissions can exploit this vulnerability to run arbitrary commands on the victim's systems. Using a specially crafted payload as user input, the attacker can execute arbitrary commands on the victim's Bitbucket Server or Bitbucket Data Center instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Expression Language Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/BSERV-12098", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/BSERV-12098" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15011.json b/2019/15xxx/CVE-2019-15011.json index d84f9bc2355..8a71724ee3d 100644 --- a/2019/15xxx/CVE-2019-15011.json +++ b/2019/15xxx/CVE-2019-15011.json @@ -93,4 +93,4 @@ } ] } -} \ No newline at end of file +} diff --git a/2019/15xxx/CVE-2019-15012.json b/2019/15xxx/CVE-2019-15012.json new file mode 100644 index 00000000000..0048f50cbb4 --- /dev/null +++ b/2019/15xxx/CVE-2019-15012.json @@ -0,0 +1,243 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-01-15T10:00:00", + "ID": "CVE-2019-15012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "4.13", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Bitbucket Data Center", + "version": { + "version_data": [ + { + "version_value": "4.13", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bitbucket Server and Bitbucket Data Center from version 4.13. before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the edit-file request. A remote attacker with write permission on a repository can write to any arbitrary file to the victims Bitbucket Server or Bitbucket Data Center instance using the edit-file endpoint, if the user has Bitbucket Server or Bitbucket Data Center running, and has the permission to write the file at that destination. In some cases, this can result in execution of arbitrary code by the victims Bitbucket Server or Bitbucket Data Center instance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Path traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/BSERV-12100", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/BSERV-12100" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15039.json b/2019/15xxx/CVE-2019-15039.json index 6e6e93bd442..e27892526ae 100644 --- a/2019/15xxx/CVE-2019-15039.json +++ b/2019/15xxx/CVE-2019-15039.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2018.2.5 and 2019.1." + "value": "An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1." } ] }, diff --git a/2019/15xxx/CVE-2019-15098.json b/2019/15xxx/CVE-2019-15098.json index 986a479df14..8a9712b2c3e 100644 --- a/2019/15xxx/CVE-2019-15098.json +++ b/2019/15xxx/CVE-2019-15098.json @@ -126,6 +126,11 @@ "refsource": "UBUNTU", "name": "USN-4186-2", "url": "https://usn.ubuntu.com/4186-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/15xxx/CVE-2019-15139.json b/2019/15xxx/CVE-2019-15139.json index 007a126258e..c6f90c878b1 100644 --- a/2019/15xxx/CVE-2019-15139.json +++ b/2019/15xxx/CVE-2019-15139.json @@ -81,6 +81,16 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2519", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00042.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-f12cb1ddab", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3IYH7QSNXXOIDFTYLY455ANZ3JWQ7FCS/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-210b0a6e4f", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FS76VNCFL3FVRMGXQEMHBOKA7EE46BTS/" } ] } diff --git a/2019/15xxx/CVE-2019-15165.json b/2019/15xxx/CVE-2019-15165.json index 5430793117b..2779244bbbb 100644 --- a/2019/15xxx/CVE-2019-15165.json +++ b/2019/15xxx/CVE-2019-15165.json @@ -121,6 +121,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "UBUNTU", + "name": "USN-4221-2", + "url": "https://usn.ubuntu.com/4221-2/" } ] } diff --git a/2019/15xxx/CVE-2019-15166.json b/2019/15xxx/CVE-2019-15166.json index 466c9ec25e3..255acb40873 100644 --- a/2019/15xxx/CVE-2019-15166.json +++ b/2019/15xxx/CVE-2019-15166.json @@ -116,6 +116,11 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra", "url": "http://seclists.org/fulldisclosure/2019/Dec/26" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200120-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200120-0001/" } ] } diff --git a/2019/15xxx/CVE-2019-15217.json b/2019/15xxx/CVE-2019-15217.json index 5ce535ccbf8..9e101f255a3 100644 --- a/2019/15xxx/CVE-2019-15217.json +++ b/2019/15xxx/CVE-2019-15217.json @@ -111,6 +111,11 @@ "refsource": "UBUNTU", "name": "USN-4147-1", "url": "https://usn.ubuntu.com/4147-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/15xxx/CVE-2019-15255.json b/2019/15xxx/CVE-2019-15255.json new file mode 100644 index 00000000000..f1a4988ea81 --- /dev/null +++ b/2019/15xxx/CVE-2019-15255.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-15255", + "STATE": "PUBLIC", + "TITLE": "Cisco Identity Services Engine Authorization Bypass Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Identity Services Engine Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco Identity Services Engine Authorization Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ise-auth-bypass" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-ise-auth-bypass", + "defect": [ + [ + "CSCvq67348" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15278.json b/2019/15xxx/CVE-2019-15278.json new file mode 100644 index 00000000000..f9b8dd2e28a --- /dev/null +++ b/2019/15xxx/CVE-2019-15278.json @@ -0,0 +1,88 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-15278", + "STATE": "PUBLIC", + "TITLE": "Cisco Finesse Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Finesse ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to bypass authorization and access sensitive information related to the device. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to sensitive information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco Finesse Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-finesse-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-finesse-xss", + "defect": [ + [ + "CSCvr19591", + "CSCvr33151" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15291.json b/2019/15xxx/CVE-2019-15291.json index a1ce61a33e8..c7d5329debc 100644 --- a/2019/15xxx/CVE-2019-15291.json +++ b/2019/15xxx/CVE-2019-15291.json @@ -91,6 +91,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/15xxx/CVE-2019-15313.json b/2019/15xxx/CVE-2019-15313.json new file mode 100644 index 00000000000..c0a8fce8347 --- /dev/null +++ b/2019/15xxx/CVE-2019-15313.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109141", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109141" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15505.json b/2019/15xxx/CVE-2019-15505.json index f2e0836b5ed..f276af7e556 100644 --- a/2019/15xxx/CVE-2019-15505.json +++ b/2019/15xxx/CVE-2019-15505.json @@ -131,6 +131,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/15xxx/CVE-2019-15578.json b/2019/15xxx/CVE-2019-15578.json new file mode 100644 index 00000000000..22d74ce35d4 --- /dev/null +++ b/2019/15xxx/CVE-2019-15578.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15578", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/650574", + "url": "https://hackerone.com/reports/650574" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). The path of a private project, that used to be public, would be disclosed in the unsubscribe email link of issues and merge requests." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15579.json b/2019/15xxx/CVE-2019-15579.json new file mode 100644 index 00000000000..8827fbb75c7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15579.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15579", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/635516", + "url": "https://hackerone.com/reports/635516" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) where the assignee(s) of a confidential issue in a private project would be disclosed to a guest via milestones." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15581.json b/2019/15xxx/CVE-2019-15581.json new file mode 100644 index 00000000000..64b29004eba --- /dev/null +++ b/2019/15xxx/CVE-2019-15581.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15581", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR) (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/518995", + "url": "https://hackerone.com/reports/518995" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project owner or maintainer to see the members of any private group via merge request approval rules." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15582.json b/2019/15xxx/CVE-2019-15582.json new file mode 100644 index 00000000000..4d26cdda95d --- /dev/null +++ b/2019/15xxx/CVE-2019-15582.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15582", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR) (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/566216", + "url": "https://hackerone.com/reports/566216" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a maintainer to add any private group to a protected environment." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15583.json b/2019/15xxx/CVE-2019-15583.json new file mode 100644 index 00000000000..0367b2cde6a --- /dev/null +++ b/2019/15xxx/CVE-2019-15583.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15583", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/643854", + "url": "https://hackerone.com/reports/643854" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE). When an issue was moved to a public project from a private one, the associated private labels and the private project namespace would be disclosed through the GitLab API." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15585.json b/2019/15xxx/CVE-2019-15585.json new file mode 100644 index 00000000000..676d5c1baa5 --- /dev/null +++ b/2019/15xxx/CVE-2019-15585.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15585", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "Gitlab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.2" + }, + { + "version_value": "before 12.2.6" + }, + { + "version_value": "before 12.1.12" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication - Generic (CWE-287)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/471323", + "url": "https://hackerone.com/reports/471323" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper authentication exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) in the GitLab SAML integration had a validation issue that permitted an attacker to takeover another user's account." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15586.json b/2019/15xxx/CVE-2019-15586.json new file mode 100644 index 00000000000..fc654c7f01e --- /dev/null +++ b/2019/15xxx/CVE-2019-15586.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15586", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "Gitlab CE/EE", + "version": { + "version_data": [ + { + "version_value": "before 12.1.10" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - DOM (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/645043", + "url": "https://hackerone.com/reports/645043" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/", + "url": "https://about.gitlab.com/blog/2019/09/30/security-release-gitlab-12-dot-3-dot-2-released/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15590.json b/2019/15xxx/CVE-2019-15590.json new file mode 100644 index 00000000000..4fd0e3b53c3 --- /dev/null +++ b/2019/15xxx/CVE-2019-15590.json @@ -0,0 +1,73 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15590", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.3.5" + }, + { + "version_value": "before 12.2.8" + }, + { + "version_value": "before 12.1.14" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/701144", + "url": "https://hackerone.com/reports/701144" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/", + "url": "https://about.gitlab.com/releases/2019/10/07/security-release-gitlab-12-dot-3-dot-5-released/" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An access control issue exists in < 12.3.5, < 12.2.8, and < 12.1.14 for GitLab Community Edition (CE) and Enterprise Edition (EE) where private merge requests and issues would be disclosed with the Group Search feature provided by Elasticsearch integration" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15601.json b/2019/15xxx/CVE-2019-15601.json index 6752fd15207..17f8de22e0e 100644 --- a/2019/15xxx/CVE-2019-15601.json +++ b/2019/15xxx/CVE-2019-15601.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[oss-security] 20200108 [SECURITY ADVISORY] curl: SMB access smuggling via FILE URL on Windows (CVE-2019-15601)", "url": "http://www.openwall.com/lists/oss-security/2020/01/08/1" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0002/" } ] }, diff --git a/2019/15xxx/CVE-2019-15607.json b/2019/15xxx/CVE-2019-15607.json new file mode 100644 index 00000000000..95deeceedd7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15607.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15607", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "node-red", + "version": { + "version_data": [ + { + "version_value": "0.20.7 and earlier" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS) - Stored (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/681986", + "url": "https://hackerone.com/reports/681986" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stored XSS vulnerability is present within node-red (version: <= 0.20.7) npm package, which is a visual tool for wiring the Internet of Things. This issue will allow the attacker to steal session cookies, deface web applications, etc." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15625.json b/2019/15xxx/CVE-2019-15625.json new file mode 100644 index 00000000000..e556dcfedae --- /dev/null +++ b/2019/15xxx/CVE-2019-15625.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2019-15625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Password Manager", + "version": { + "version_data": [ + { + "version_value": "3.8.0.1103 and below " + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Usage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123595.aspx" + }, + { + "url": "https://jvn.jp/en/jp/JVN49593434/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN49593434/index.html" + }, + { + "url": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1123614.aspx" + }, + { + "url": "https://jvn.jp/jp/JVN49593434/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN49593434/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15691.json b/2019/15xxx/CVE-2019-15691.json index ef58deb101c..eaf9d80f863 100644 --- a/2019/15xxx/CVE-2019-15691.json +++ b/2019/15xxx/CVE-2019-15691.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15692.json b/2019/15xxx/CVE-2019-15692.json index b79eb10251f..989552faf43 100644 --- a/2019/15xxx/CVE-2019-15692.json +++ b/2019/15xxx/CVE-2019-15692.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15693.json b/2019/15xxx/CVE-2019-15693.json index c9d04a0de96..af3dffc4750 100644 --- a/2019/15xxx/CVE-2019-15693.json +++ b/2019/15xxx/CVE-2019-15693.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15694.json b/2019/15xxx/CVE-2019-15694.json index b6a2f60e4b5..1c2f62276ce 100644 --- a/2019/15xxx/CVE-2019-15694.json +++ b/2019/15xxx/CVE-2019-15694.json @@ -58,6 +58,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191220 VNC vulnerabilities. TigerVNC security update", "url": "https://www.openwall.com/lists/oss-security/2019/12/20/2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15695.json b/2019/15xxx/CVE-2019-15695.json index 4202633dc58..3549b1d16f7 100644 --- a/2019/15xxx/CVE-2019-15695.json +++ b/2019/15xxx/CVE-2019-15695.json @@ -58,6 +58,11 @@ "refsource": "MISC", "name": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89", "url": "https://github.com/CendioOssman/tigervnc/commit/05e28490873a861379c943bf616614b78b558b89" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0087", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00039.html" } ] }, diff --git a/2019/15xxx/CVE-2019-15707.json b/2019/15xxx/CVE-2019-15707.json new file mode 100644 index 00000000000..5d1dbcfa57d --- /dev/null +++ b/2019/15xxx/CVE-2019-15707.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15707", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fortiguard.com/advisory/FG-IR-19-237", + "url": "https://fortiguard.com/advisory/FG-IR-19-237" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to perform system backup config download they should not be authorized for." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15712.json b/2019/15xxx/CVE-2019-15712.json new file mode 100644 index 00000000000..409bef6b61b --- /dev/null +++ b/2019/15xxx/CVE-2019-15712.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-15712", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiMail", + "version": { + "version_data": [ + { + "version_value": "FortiMail 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fortiguard.com/advisory/FG-IR-19-237", + "url": "https://fortiguard.com/advisory/FG-IR-19-237" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An improper access control vulnerability in FortiMail admin webUI 6.2.0, 6.0.0 to 6.0.6, 5.4.10 and below may allow administrators to access web console they should not be authorized for." + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15742.json b/2019/15xxx/CVE-2019-15742.json new file mode 100644 index 00000000000..dff7596edf2 --- /dev/null +++ b/2019/15xxx/CVE-2019-15742.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15742", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A local privilege-escalation vulnerability exists in the Poly Plantronics Hub before 3.14 for Windows client application. A local attacker can exploit this issue to gain elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155952/Plantronics-Hub-SpokesUpdateService-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/155952/Plantronics-Hub-SpokesUpdateService-Privilege-Escalation.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15845.json b/2019/15xxx/CVE-2019-15845.json index 7a17728eaa3..b2a00f8c337 100644 --- a/2019/15xxx/CVE-2019-15845.json +++ b/2019/15xxx/CVE-2019-15845.json @@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-4587", "url": "https://www.debian.org/security/2019/dsa-4587" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/15xxx/CVE-2019-15854.json b/2019/15xxx/CVE-2019-15854.json new file mode 100644 index 00000000000..cbc952189ff --- /dev/null +++ b/2019/15xxx/CVE-2019-15854.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Maarch RM before 2.5. A privilege escalation vulnerability allows an authenticated user with lowest privileges to give herself highest administration privileges via a crafted PUT request to an unauthorized resource." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md", + "url": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15855.json b/2019/15xxx/CVE-2019-15855.json new file mode 100644 index 00000000000..73722d73fb7 --- /dev/null +++ b/2019/15xxx/CVE-2019-15855.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Maarch RM before 2.5. A path traversal vulnerability allows an unauthenticated remote attacker to overwrite any files with a crafted POST request if the default installation procedure was followed. This results in a permanent Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md", + "url": "https://labs.maarch.org/maarch/maarchRM/blob/master/CHANGELOG.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15903.json b/2019/15xxx/CVE-2019-15903.json index b039421a1b5..ccc7d684a63 100644 --- a/2019/15xxx/CVE-2019-15903.json +++ b/2019/15xxx/CVE-2019-15903.json @@ -316,6 +316,16 @@ "refsource": "FULLDISC", "name": "20191213 APPLE-SA-2019-12-10-5 tvOS 13.3", "url": "http://seclists.org/fulldisclosure/2019/Dec/27" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0010", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/15xxx/CVE-2019-15942.json b/2019/15xxx/CVE-2019-15942.json index c33a687c4f8..a5b01ebe446 100644 --- a/2019/15xxx/CVE-2019-15942.json +++ b/2019/15xxx/CVE-2019-15942.json @@ -56,6 +56,11 @@ "url": "https://trac.ffmpeg.org/ticket/8093", "refsource": "MISC", "name": "https://trac.ffmpeg.org/ticket/8093" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0024", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html" } ] } diff --git a/2019/15xxx/CVE-2019-15945.json b/2019/15xxx/CVE-2019-15945.json index d31675a0b37..a024b0d4651 100644 --- a/2019/15xxx/CVE-2019-15945.json +++ b/2019/15xxx/CVE-2019-15945.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/15xxx/CVE-2019-15946.json b/2019/15xxx/CVE-2019-15946.json index 2dafe296357..b9c236521cd 100644 --- a/2019/15xxx/CVE-2019-15946.json +++ b/2019/15xxx/CVE-2019-15946.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/15xxx/CVE-2019-15961.json b/2019/15xxx/CVE-2019-15961.json new file mode 100644 index 00000000000..3d3cf1b3e1b --- /dev/null +++ b/2019/15xxx/CVE-2019-15961.json @@ -0,0 +1,99 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2019-15961", + "STATE": "PUBLIC", + "TITLE": "Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ClamAV", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "0.102.0" + }, + { + "version_affected": "<", + "version_value": "0.101.4" + } + ] + } + } + ] + }, + "vendor_name": "ClamAV" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.clamav.net/show_bug.cgi?id=12380", + "refsource": "CISCO", + "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12380" + }, + { + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010", + "refsource": "CISCO", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010" + } + ] + }, + "source": { + "advisory": "CSCvr56010", + "defect": [ + "CSCvr56010" + ], + "discovery": "USER" + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15989.json b/2019/15xxx/CVE-2019-15989.json new file mode 100644 index 00000000000..bbf22beb0ca --- /dev/null +++ b/2019/15xxx/CVE-2019-15989.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-15989", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of the Border Gateway Protocol (BGP) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains a specific BGP attribute. An attacker could exploit this vulnerability by sending BGP update messages that include a specific, malformed attribute to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer or would need to be injected by the attacker into the victim’s BGP network on an existing, valid TCP connection to a BGP peer." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software Border Gateway Protocol Attribute Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-bgp-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-bgp-dos", + "defect": [ + [ + "CSCvr69950" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16003.json b/2019/16xxx/CVE-2019-16003.json new file mode 100644 index 00000000000..66f6534ae04 --- /dev/null +++ b/2019/16xxx/CVE-2019-16003.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-16003", + "STATE": "PUBLIC", + "TITLE": "Cisco UCS Director Information Disclosure Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco UCS Director ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to download system log files from an affected device. The vulnerability is due to an issue in the authentication logic of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web interface. A successful exploit could allow the attacker to download log files if they were previously generated by an administrator." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco UCS Director Information Disclosure Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-ucs-dir-infodis" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-ucs-dir-infodis", + "defect": [ + [ + "CSCvr00602" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16005.json b/2019/16xxx/CVE-2019-16005.json new file mode 100644 index 00000000000..6759053436a --- /dev/null +++ b/2019/16xxx/CVE-2019-16005.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-16005", + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Video Mesh Node Command Injection Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Video Mesh ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an authenticated, remote attacker to execute arbitrary commands on the affected system. The vulnerability is due to improper validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by logging in to the web-based management interface with administrative privileges and supplying crafted requests to the application. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system with root privileges on a targeted node." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco Webex Video Mesh Node Command Injection Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-webex-video" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-webex-video", + "defect": [ + [ + "CSCvr35921" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16008.json b/2019/16xxx/CVE-2019-16008.json new file mode 100644 index 00000000000..7494017bb8e --- /dev/null +++ b/2019/16xxx/CVE-2019-16008.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-16008", + "STATE": "PUBLIC", + "TITLE": "Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IP Phone 7800 Series with Multiplatform Firmware ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-iphone-xss", + "defect": [ + [ + "CSCvq85331" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16015.json b/2019/16xxx/CVE-2019-16015.json new file mode 100644 index 00000000000..4f831806bbf --- /dev/null +++ b/2019/16xxx/CVE-2019-16015.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-16015", + "STATE": "PUBLIC", + "TITLE": "Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Data Center Analytics Framework ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information on the affected system." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-dcaf-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-dcaf-xss", + "defect": [ + [ + "CSCvs23487" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16018.json b/2019/16xxx/CVE-2019-16018.json new file mode 100644 index 00000000000..7f961b2c330 --- /dev/null +++ b/2019/16xxx/CVE-2019-16018.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16018", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of a BGP update message that contains crafted EVPN attributes. An attacker could indirectly exploit the vulnerability by sending BGP EVPN update messages with a specific, malformed attribute to an affected system and waiting for a user on the device to display the EVPN operational routes’ status. If successful, the attacker could cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit this vulnerability, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software EVPN Operational Routes Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-routes" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-routes", + "defect": [ + [ + "CSCvr74902" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16020.json b/2019/16xxx/CVE-2019-16020.json new file mode 100644 index 00000000000..e0e955d68dc --- /dev/null +++ b/2019/16xxx/CVE-2019-16020.json @@ -0,0 +1,91 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16020", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-evpn", + "defect": [ + [ + "CSCvr74413", + "CSCvr74986", + "CSCvr80793", + "CSCvr83742", + "CSCvr84254" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16022.json b/2019/16xxx/CVE-2019-16022.json new file mode 100644 index 00000000000..eb6f29ae50b --- /dev/null +++ b/2019/16xxx/CVE-2019-16022.json @@ -0,0 +1,91 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16022", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.6", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software BGP EVPN Denial of Service Vulnerabilities", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-evpn" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-evpn", + "defect": [ + [ + "CSCvr74413", + "CSCvr74986", + "CSCvr80793", + "CSCvr83742", + "CSCvr84254" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16024.json b/2019/16xxx/CVE-2019-16024.json new file mode 100644 index 00000000000..4b7aa682bbc --- /dev/null +++ b/2019/16xxx/CVE-2019-16024.json @@ -0,0 +1,90 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-16024", + "STATE": "PUBLIC", + "TITLE": "Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Crosswork Network Change Automation ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Crosswork Change Automation could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco Crosswork Change Automation Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-cnca-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-cnca-xss", + "defect": [ + [ + "CSCvr04270", + "CSCvr04277", + "CSCvs07146", + "CSCvs37930" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16026.json b/2019/16xxx/CVE-2019-16026.json new file mode 100644 index 00000000000..6fe13a89034 --- /dev/null +++ b/2019/16xxx/CVE-2019-16026.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-08T16:00:00-0800", + "ID": "CVE-2019-16026", + "STATE": "PUBLIC", + "TITLE": "Cisco Mobility Management Entity Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco ASR 5000 Series Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of the Stream Control Transmission Protocol (SCTP) on Cisco Mobility Management Entity (MME) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an eNodeB that is connected to an affected device. The vulnerability is due to insufficient input validation of SCTP traffic. An attacker could exploit this vulnerability by leveraging a man-in-the-middle position between the eNodeB and the MME and then sending a crafted SCTP message to the MME. A successful exploit would cause the MME to stop sending SCTP messages to the eNodeB, triggering a DoS condition." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.8", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200108 Cisco Mobility Management Entity Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-mme-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200108-mme-dos", + "defect": [ + [ + "CSCvs01456" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16027.json b/2019/16xxx/CVE-2019-16027.json new file mode 100644 index 00000000000..e7165f6437a --- /dev/null +++ b/2019/16xxx/CVE-2019-16027.json @@ -0,0 +1,87 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16027", + "STATE": "PUBLIC", + "TITLE": "Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS XR Software ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the implementation of the Intermediate System–to–Intermediate System (IS–IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS–IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS–IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS–IS process." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "7.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco IOS XR Software Intermediate System\u2013to\u2013Intermediate System Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-ios-xr-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-ios-xr-dos", + "defect": [ + [ + "CSCvr62342" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16029.json b/2019/16xxx/CVE-2019-16029.json new file mode 100644 index 00000000000..434e6b3ce74 --- /dev/null +++ b/2019/16xxx/CVE-2019-16029.json @@ -0,0 +1,88 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", + "ID": "CVE-2019-16029", + "STATE": "PUBLIC", + "TITLE": "Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Smart Software Manager On-Prem ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS) condition of the web interface. The vulnerability is due to the lack of input validation in the API. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to change or corrupt user account information which could grant the attacker administrator access or prevent legitimate user access to the web interface, resulting in a denial of service (DoS) condition." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.2", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-on-prem-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-on-prem-dos", + "defect": [ + [ + "CSCvr52711", + "CSCvr78992" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16056.json b/2019/16xxx/CVE-2019-16056.json index f6d7f883bef..e04dfccf490 100644 --- a/2019/16xxx/CVE-2019-16056.json +++ b/2019/16xxx/CVE-2019-16056.json @@ -181,6 +181,21 @@ "refsource": "REDHAT", "name": "RHSA-2019:3948", "url": "https://access.redhat.com/errata/RHSA-2019:3948" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-7ec5bb5d22", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a268ba7b23", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/16xxx/CVE-2019-16153.json b/2019/16xxx/CVE-2019-16153.json new file mode 100644 index 00000000000..b1d5b28239f --- /dev/null +++ b/2019/16xxx/CVE-2019-16153.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16153", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEM", + "version": { + "version_data": [ + { + "version_value": "FortiSIEM 5.2.5 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/advisory/FG-IR-19-195", + "url": "https://fortiguard.com/advisory/FG-IR-19-195" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A hard-coded password vulnerability in the Fortinet FortiSIEM database component version 5.2.5 and below may allow attackers to access the device database via the use of static credentials." + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16167.json b/2019/16xxx/CVE-2019-16167.json index b7296a1560f..0780b91ec89 100644 --- a/2019/16xxx/CVE-2019-16167.json +++ b/2019/16xxx/CVE-2019-16167.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2397", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00068.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4242-1", + "url": "https://usn.ubuntu.com/4242-1/" } ] } diff --git a/2019/16xxx/CVE-2019-16168.json b/2019/16xxx/CVE-2019-16168.json index 6dfa708700b..7cdef268456 100644 --- a/2019/16xxx/CVE-2019-16168.json +++ b/2019/16xxx/CVE-2019-16168.json @@ -91,6 +91,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-b1636e0b70", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XZARJHJJDBHI7CE5PZEBXS5HKK6HXKW2/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2019/16xxx/CVE-2019-16201.json b/2019/16xxx/CVE-2019-16201.json index 2e6ff5abd78..5528e29383d 100644 --- a/2019/16xxx/CVE-2019-16201.json +++ b/2019/16xxx/CVE-2019-16201.json @@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-4587", "url": "https://www.debian.org/security/2019/dsa-4587" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16231.json b/2019/16xxx/CVE-2019-16231.json index ead001855cb..461efbe4529 100644 --- a/2019/16xxx/CVE-2019-16231.json +++ b/2019/16xxx/CVE-2019-16231.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/16xxx/CVE-2019-16239.json b/2019/16xxx/CVE-2019-16239.json index ca05ac62456..6ebaba8d3ac 100644 --- a/2019/16xxx/CVE-2019-16239.json +++ b/2019/16xxx/CVE-2019-16239.json @@ -91,6 +91,16 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2388", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00061.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4607", + "url": "https://www.debian.org/security/2020/dsa-4607" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4607-1] openconnect security update", + "url": "https://seclists.org/bugtraq/2020/Jan/31" } ] } diff --git a/2019/16xxx/CVE-2019-16254.json b/2019/16xxx/CVE-2019-16254.json index f828fe0c696..74bf79fe754 100644 --- a/2019/16xxx/CVE-2019-16254.json +++ b/2019/16xxx/CVE-2019-16254.json @@ -106,6 +106,11 @@ "refsource": "DEBIAN", "name": "DSA-4586", "url": "https://www.debian.org/security/2019/dsa-4586" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16255.json b/2019/16xxx/CVE-2019-16255.json index 561883940bc..ae805c090f7 100644 --- a/2019/16xxx/CVE-2019-16255.json +++ b/2019/16xxx/CVE-2019-16255.json @@ -101,6 +101,11 @@ "refsource": "DEBIAN", "name": "DSA-4587", "url": "https://www.debian.org/security/2019/dsa-4587" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/16xxx/CVE-2019-16276.json b/2019/16xxx/CVE-2019-16276.json index d7da92c332e..a61c58b92c4 100644 --- a/2019/16xxx/CVE-2019-16276.json +++ b/2019/16xxx/CVE-2019-16276.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191122-0004/", "url": "https://security.netapp.com/advisory/ntap-20191122-0004/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0101", + "url": "https://access.redhat.com/errata/RHSA-2020:0101" } ] } diff --git a/2019/16xxx/CVE-2019-16335.json b/2019/16xxx/CVE-2019-16335.json index 377f7d26677..f15fb3ed7a4 100644 --- a/2019/16xxx/CVE-2019-16335.json +++ b/2019/16xxx/CVE-2019-16335.json @@ -146,6 +146,36 @@ "refsource": "MLIST", "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html", "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" + }, + { + "refsource": "MLIST", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html", + "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E" } ] } diff --git a/2019/16xxx/CVE-2019-16405.json b/2019/16xxx/CVE-2019-16405.json index 5d86c2298e4..781d5ee01a6 100644 --- a/2019/16xxx/CVE-2019-16405.json +++ b/2019/16xxx/CVE-2019-16405.json @@ -96,6 +96,11 @@ "refsource": "CONFIRM", "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html", "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.10.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155999/Centreon-19.04-Remote-Code-Execution.html" } ] } diff --git a/2019/16xxx/CVE-2019-16466.json b/2019/16xxx/CVE-2019-16466.json new file mode 100644 index 00000000000..341b9690dda --- /dev/null +++ b/2019/16xxx/CVE-2019-16466.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16466", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16467.json b/2019/16xxx/CVE-2019-16467.json new file mode 100644 index 00000000000..ad54a086a63 --- /dev/null +++ b/2019/16xxx/CVE-2019-16467.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Reflected Cross-Site Scripting" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16467", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16468.json b/2019/16xxx/CVE-2019-16468.json new file mode 100644 index 00000000000..a407584282d --- /dev/null +++ b/2019/16xxx/CVE-2019-16468.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an user interface injection vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "User Interface Injection" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16468", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16469.json b/2019/16xxx/CVE-2019-16469.json new file mode 100644 index 00000000000..774290ba20d --- /dev/null +++ b/2019/16xxx/CVE-2019-16469.json @@ -0,0 +1,62 @@ +{ + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 versions" + } + ] + }, + "product_name": "Adobe Experience Manager" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Expression Language injection" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/experience-manager/apsb20-01.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-16469", + "ASSIGNER": "psirt@adobe.com" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16512.json b/2019/16xxx/CVE-2019-16512.json new file mode 100644 index 00000000000..6379d496454 --- /dev/null +++ b/2019/16xxx/CVE-2019-16512.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16513.json b/2019/16xxx/CVE-2019-16513.json new file mode 100644 index 00000000000..ae8458f9aa3 --- /dev/null +++ b/2019/16xxx/CVE-2019-16513.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16513", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16514.json b/2019/16xxx/CVE-2019-16514.json new file mode 100644 index 00000000000..c23f1fab979 --- /dev/null +++ b/2019/16xxx/CVE-2019-16514.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16515.json b/2019/16xxx/CVE-2019-16515.json new file mode 100644 index 00000000000..a7feeb407d6 --- /dev/null +++ b/2019/16xxx/CVE-2019-16515.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16515", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10013", + "url": "https://wpvulndb.com/vulnerabilities/10013" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16516.json b/2019/16xxx/CVE-2019-16516.json new file mode 100644 index 00000000000..454e4b4b4e0 --- /dev/null +++ b/2019/16xxx/CVE-2019-16516.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16516", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16517.json b/2019/16xxx/CVE-2019-16517.json new file mode 100644 index 00000000000..f88b03a1f25 --- /dev/null +++ b/2019/16xxx/CVE-2019-16517.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative actions, without the victim's knowledge." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/connectwise-control", + "url": "https://know.bishopfox.com/advisories/connectwise-control" + }, + { + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34", + "url": "https://blog.huntresslabs.com/validating-the-bishop-fox-findings-in-connectwise-control-9155eec36a34" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox", + "url": "https://www.crn.com/news/managed-services/connectwise-control-msp-security-vulnerabilities-are-severe-bishop-fox" + }, + { + "refsource": "MISC", + "name": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox", + "url": "https://www.crn.com/slide-shows/managed-services/connectwise-control-attack-chain-exploit-20-questions-for-security-researcher-bishop-fox" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16723.json b/2019/16xxx/CVE-2019-16723.json index 54d01fc2d68..fbb39787413 100644 --- a/2019/16xxx/CVE-2019-16723.json +++ b/2019/16xxx/CVE-2019-16723.json @@ -66,6 +66,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-362f0e9710", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZO3ROHHPKLH2JRW7ES5FYSQTWIPNVLQB/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", + "url": "https://seclists.org/bugtraq/2020/Jan/25" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4604", + "url": "https://www.debian.org/security/2020/dsa-4604" } ] } diff --git a/2019/16xxx/CVE-2019-16746.json b/2019/16xxx/CVE-2019-16746.json index 501985ae08d..cc5f56b51cf 100644 --- a/2019/16xxx/CVE-2019-16746.json +++ b/2019/16xxx/CVE-2019-16746.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-4210-1", "url": "https://usn.ubuntu.com/4210-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/16xxx/CVE-2019-16773.json b/2019/16xxx/CVE-2019-16773.json index d4b908e0a8e..61389bb381a 100644 --- a/2019/16xxx/CVE-2019-16773.json +++ b/2019/16xxx/CVE-2019-16773.json @@ -1,105 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16773", - "STATE": "PUBLIC", - "TITLE": "Stored cross-site scripting (XSS) in WordPress through 'wp_targeted_link_rel'" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "WordPress", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "< 3.5.1", - "version_value": "3.5.1" - } - ] - } - } - ] - }, - "vendor_name": "WordPress" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16773", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20042. Reason: This candidate is a duplicate of CVE-2019-20042. Notes: All CVE users should reference CVE-2019-20042 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] - }, - "impact": { - "cvss": { - "attackComplexity": "HIGH", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.8, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://wpvulndb.com/vulnerabilities/9975", - "url": "https://wpvulndb.com/vulnerabilities/9975" - }, - { - "name": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", - "refsource": "MISC", - "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/" - }, - { - "name": "https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d", - "refsource": "MISC", - "url": "https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d" - }, - { - "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7", - "refsource": "CONFIRM", - "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7" - }, - { - "name": "https://hackerone.com/reports/509930", - "refsource": "MISC", - "url": "https://hackerone.com/reports/509930" - } - ] - }, - "source": { - "advisory": "GHSA-xvg2-m2f4-83m7", - "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16775.json b/2019/16xxx/CVE-2019-16775.json index 9c6cbe414b6..ccfd3f29b48 100644 --- a/2019/16xxx/CVE-2019-16775.json +++ b/2019/16xxx/CVE-2019-16775.json @@ -80,6 +80,21 @@ "name": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli", "refsource": "MISC", "url": "https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] }, diff --git a/2019/16xxx/CVE-2019-16776.json b/2019/16xxx/CVE-2019-16776.json index 7ed553dca88..044d40d453e 100644 --- a/2019/16xxx/CVE-2019-16776.json +++ b/2019/16xxx/CVE-2019-16776.json @@ -80,6 +80,21 @@ "name": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-x8qc-rrcw-4r46" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] }, diff --git a/2019/16xxx/CVE-2019-16777.json b/2019/16xxx/CVE-2019-16777.json index 22c6e705297..a5ed6be6bef 100644 --- a/2019/16xxx/CVE-2019-16777.json +++ b/2019/16xxx/CVE-2019-16777.json @@ -80,6 +80,21 @@ "name": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr", "refsource": "CONFIRM", "url": "https://github.com/npm/cli/security/advisories/GHSA-4328-8hgf-7wjr" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00027.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] }, diff --git a/2019/16xxx/CVE-2019-16779.json b/2019/16xxx/CVE-2019-16779.json index 47b57fa782f..be2a303a113 100644 --- a/2019/16xxx/CVE-2019-16779.json +++ b/2019/16xxx/CVE-2019-16779.json @@ -80,6 +80,16 @@ "name": "https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29", "refsource": "MISC", "url": "https://github.com/excon/excon/commit/ccb57d7a422f020dc74f1de4e8fb505ab46d8a29" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0036", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00021.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200119 [SECURITY] [DLA 2070-1] ruby-excon security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00015.html" } ] }, @@ -93,4 +103,4 @@ "value": "Users can workaround the problem by disabling persistent connections, though this may cause performance implications." } ] -} +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16782.json b/2019/16xxx/CVE-2019-16782.json index 787399bca0e..15b5c03f102 100644 --- a/2019/16xxx/CVE-2019-16782.json +++ b/2019/16xxx/CVE-2019-16782.json @@ -93,6 +93,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191218 Re: [CVE-2019-16782] Possible Information Leak / Session Hijack Vulnerability in Rack", "url": "http://www.openwall.com/lists/oss-security/2019/12/19/3" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-57fc0d0156", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX/" } ] }, diff --git a/2019/16xxx/CVE-2019-16784.json b/2019/16xxx/CVE-2019-16784.json new file mode 100644 index 00000000000..de55d8f0879 --- /dev/null +++ b/2019/16xxx/CVE-2019-16784.json @@ -0,0 +1,90 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16784", + "STATE": "PUBLIC", + "TITLE": "Local Privilege Escalation present only on the Windows version of PyInstaller" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PyInstaller", + "version": { + "version_data": [ + { + "platform": "windows", + "version_value": "< 3.6" + } + ] + } + } + ] + }, + "vendor_name": "PyInstaller" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "This vulnerability was discovered and reported by Farid AYOUJIL (@faridtsl), David HA, Florent LE NIGER and Yann GASCUEL (@lnv42) from Alter Solutions (@AlterSolutions) and fixed in collaboration with Hartmut Goebel (@htgoebel)." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in \"onefile\" mode is launched by a privileged user (at least more than the current one) which have his \"TempPath\" resolving to a world writable directory. This is the case for example if the software is launched as a service or as a scheduled task using a system account (TempPath will be C:\\Windows\\Temp). In order to be exploitable the software has to be (re)started after the attacker launch the exploit program, so for a service launched at startup, a service restart is needed (e.g. after a crash or an upgrade)." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250 Execution with Unnecessary Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r", + "refsource": "CONFIRM", + "url": "https://github.com/pyinstaller/pyinstaller/security/advisories/GHSA-7fcj-pq9j-wh2r" + } + ] + }, + "source": { + "advisory": "GHSA-7fcj-pq9j-wh2r", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16788.json b/2019/16xxx/CVE-2019-16788.json index f51b2e2c637..b332b506e3d 100644 --- a/2019/16xxx/CVE-2019-16788.json +++ b/2019/16xxx/CVE-2019-16788.json @@ -1,100 +1,18 @@ { - "CVE_data_meta": { - "ASSIGNER": "security-advisories@github.com", - "ID": "CVE-2019-16788", - "STATE": "PUBLIC", - "TITLE": "Stored cross-site scripting (XSS) in WordPress through 'wp_targeted_link_rel'" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "WordPress", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_name": "< 3.5.1", - "version_value": "3.5.1" - } - ] - } - } - ] - }, - "vendor_name": "WordPress" - } - ] - } - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-16788", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "In WordPress versions from 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-20043. Reason: This candidate is a duplicate of CVE-2019-20043. Notes: All CVE users should reference CVE-2019-20043 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] - }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "NETWORK", - "availabilityImpact": "NONE", - "baseScore": 5.4, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "privilegesRequired": "LOW", - "scope": "CHANGED", - "userInteraction": "REQUIRED", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", - "version": "3.1" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79 Cross-site Scripting (XSS)" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://wpvulndb.com/vulnerabilities/9973", - "url": "https://wpvulndb.com/vulnerabilities/9973" - }, - { - "name": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/", - "refsource": "MISC", - "url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/" - }, - { - "name": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9", - "refsource": "MISC", - "url": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9" - }, - { - "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw", - "refsource": "CONFIRM", - "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw" - } - ] - }, - "source": { - "advisory": "GHSA-g7rg-hchx-c2gw", - "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16791.json b/2019/16xxx/CVE-2019-16791.json new file mode 100644 index 00000000000..b924bbce4a8 --- /dev/null +++ b/2019/16xxx/CVE-2019-16791.json @@ -0,0 +1,88 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16791", + "STATE": "PUBLIC", + "TITLE": "downgrade of effective Strict Transport Security (STS) policy in postfix-mta-sts-resolver" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "postfix-mta-sts-resolver", + "version": { + "version_data": [ + { + "version_value": "< 0.5.1" + } + ] + } + } + ] + }, + "vendor_name": "Snawoot" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS policy." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6", + "refsource": "CONFIRM", + "url": "https://github.com/Snawoot/postfix-mta-sts-resolver/security/advisories/GHSA-h92m-42h4-82f6" + }, + { + "name": "https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b", + "refsource": "MISC", + "url": "https://gist.github.com/Snawoot/b9da85d6b26dea5460673b29df1adc6b" + } + ] + }, + "source": { + "advisory": "GHSA-h92m-42h4-82f6", + "discovery": "UNKNOWN" + } +} diff --git a/2019/16xxx/CVE-2019-16792.json b/2019/16xxx/CVE-2019-16792.json new file mode 100644 index 00000000000..4ecd6816e22 --- /dev/null +++ b/2019/16xxx/CVE-2019-16792.json @@ -0,0 +1,95 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", + "ID": "CVE-2019-16792", + "STATE": "PUBLIC", + "TITLE": "HTTP Request Smuggling: Content-Length Sent Twice in Waitress" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Waitress", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.3.1", + "version_value": "1.3.1" + } + ] + } + } + ] + }, + "vendor_name": "Pylons" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes", + "refsource": "MISC", + "url": "https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes" + }, + { + "name": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6", + "refsource": "CONFIRM", + "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6" + }, + { + "name": "https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65", + "refsource": "MISC", + "url": "https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65" + } + ] + }, + "source": { + "advisory": "GHSA-4ppp-gpcr-7qf6", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16869.json b/2019/16xxx/CVE-2019-16869.json index 9f8345092ae..285e4fac878 100644 --- a/2019/16xxx/CVE-2019-16869.json +++ b/2019/16xxx/CVE-2019-16869.json @@ -271,6 +271,26 @@ "refsource": "BUGTRAQ", "name": "20200105 [SECURITY] [DSA 4597-1] netty security update", "url": "https://seclists.org/bugtraq/2020/Jan/6" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/16xxx/CVE-2019-16884.json b/2019/16xxx/CVE-2019-16884.json index a4aa0659266..ca0aa284c20 100644 --- a/2019/16xxx/CVE-2019-16884.json +++ b/2019/16xxx/CVE-2019-16884.json @@ -96,6 +96,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4269", "url": "https://access.redhat.com/errata/RHSA-2019:4269" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0045", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00010.html" } ] } diff --git a/2019/16xxx/CVE-2019-16935.json b/2019/16xxx/CVE-2019-16935.json index bde5599cfaa..cd8ac3ab338 100644 --- a/2019/16xxx/CVE-2019-16935.json +++ b/2019/16xxx/CVE-2019-16935.json @@ -136,6 +136,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-57462fa10d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-7ec5bb5d22", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEARDOTXCYPYELKBD2KWZ27GSPXDI3GQ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-a268ba7b23", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGESQSGIHDCIGOBVF7VXCMIE6YDWRYB/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/16xxx/CVE-2019-16942.json b/2019/16xxx/CVE-2019-16942.json index e7ee1f243d7..d55caf1c105 100644 --- a/2019/16xxx/CVE-2019-16942.json +++ b/2019/16xxx/CVE-2019-16942.json @@ -131,6 +131,31 @@ "refsource": "MLIST", "name": "[geode-issues] 20191230 [jira] [Closed] (GEODE-7255) Need to pick up CVE-2019-16942", "url": "https://lists.apache.org/thread.html/a430dbc9be874c41314cc69e697384567a9a24025e819d9485547954@%3Cissues.geode.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/16xxx/CVE-2019-16943.json b/2019/16xxx/CVE-2019-16943.json index 19e5773e680..14bc54c2e7d 100644 --- a/2019/16xxx/CVE-2019-16943.json +++ b/2019/16xxx/CVE-2019-16943.json @@ -116,6 +116,41 @@ "refsource": "MLIST", "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[iceberg-commits] 20191028 [incubator-iceberg] branch master updated: Update Jackson to 2.10.0 for CVE-2019-16943 (#583)", + "url": "https://lists.apache.org/thread.html/5ec8d8d485c2c8ac55ea425f4cd96596ef37312532712639712ebcdd@%3Ccommits.iceberg.apache.org%3E" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/17xxx/CVE-2019-17005.json b/2019/17xxx/CVE-2019-17005.json index 226c74f4bd4..098a15c46ae 100644 --- a/2019/17xxx/CVE-2019-17005.json +++ b/2019/17xxx/CVE-2019-17005.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17008.json b/2019/17xxx/CVE-2019-17008.json index bea1707f7a2..a874354c825 100644 --- a/2019/17xxx/CVE-2019-17008.json +++ b/2019/17xxx/CVE-2019-17008.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17010.json b/2019/17xxx/CVE-2019-17010.json index 69ed4101082..7e19ae1bbe0 100644 --- a/2019/17xxx/CVE-2019-17010.json +++ b/2019/17xxx/CVE-2019-17010.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17011.json b/2019/17xxx/CVE-2019-17011.json index 1ffca517077..39c415b6b4d 100644 --- a/2019/17xxx/CVE-2019-17011.json +++ b/2019/17xxx/CVE-2019-17011.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17012.json b/2019/17xxx/CVE-2019-17012.json index 03df1580c52..613fedfa357 100644 --- a/2019/17xxx/CVE-2019-17012.json +++ b/2019/17xxx/CVE-2019-17012.json @@ -93,6 +93,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0002", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00001.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" } ] }, diff --git a/2019/17xxx/CVE-2019-17015.json b/2019/17xxx/CVE-2019-17015.json index 5252728b4f4..eef6e83b660 100644 --- a/2019/17xxx/CVE-2019-17015.json +++ b/2019/17xxx/CVE-2019-17015.json @@ -68,6 +68,26 @@ "refsource": "CONFIRM", "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", + "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17016.json b/2019/17xxx/CVE-2019-17016.json index e3d3eefef72..fe69164d88d 100644 --- a/2019/17xxx/CVE-2019-17016.json +++ b/2019/17xxx/CVE-2019-17016.json @@ -88,6 +88,76 @@ "refsource": "UBUNTU", "name": "USN-4234-1", "url": "https://usn.ubuntu.com/4234-1/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", + "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0120", + "url": "https://access.redhat.com/errata/RHSA-2020:0120" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0123", + "url": "https://access.redhat.com/errata/RHSA-2020:0123" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0127", + "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4603", + "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17017.json b/2019/17xxx/CVE-2019-17017.json index 836f8ae5154..d954fb99d5f 100644 --- a/2019/17xxx/CVE-2019-17017.json +++ b/2019/17xxx/CVE-2019-17017.json @@ -88,6 +88,76 @@ "refsource": "UBUNTU", "name": "USN-4234-1", "url": "https://usn.ubuntu.com/4234-1/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", + "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0120", + "url": "https://access.redhat.com/errata/RHSA-2020:0120" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0123", + "url": "https://access.redhat.com/errata/RHSA-2020:0123" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0127", + "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4603", + "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17021.json b/2019/17xxx/CVE-2019-17021.json index 2b0a81c3ba3..da9fb94ca88 100644 --- a/2019/17xxx/CVE-2019-17021.json +++ b/2019/17xxx/CVE-2019-17021.json @@ -68,6 +68,26 @@ "refsource": "CONFIRM", "name": "https://www.mozilla.org/security/advisories/mfsa2020-02/", "url": "https://www.mozilla.org/security/advisories/mfsa2020-02/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", + "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17022.json b/2019/17xxx/CVE-2019-17022.json index 26920740374..ea28b1223b4 100644 --- a/2019/17xxx/CVE-2019-17022.json +++ b/2019/17xxx/CVE-2019-17022.json @@ -88,6 +88,76 @@ "refsource": "UBUNTU", "name": "USN-4234-1", "url": "https://usn.ubuntu.com/4234-1/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", + "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0120", + "url": "https://access.redhat.com/errata/RHSA-2020:0120" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0123", + "url": "https://access.redhat.com/errata/RHSA-2020:0123" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0127", + "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4603", + "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17024.json b/2019/17xxx/CVE-2019-17024.json index d2507c86abf..0caf2fe36b2 100644 --- a/2019/17xxx/CVE-2019-17024.json +++ b/2019/17xxx/CVE-2019-17024.json @@ -88,6 +88,76 @@ "refsource": "UBUNTU", "name": "USN-4234-1", "url": "https://usn.ubuntu.com/4234-1/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01)", + "url": "https://seclists.org/bugtraq/2020/Jan/18" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0085", + "url": "https://access.redhat.com/errata/RHSA-2020:0085" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0086", + "url": "https://access.redhat.com/errata/RHSA-2020:0086" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html", + "url": "http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0111", + "url": "https://access.redhat.com/errata/RHSA-2020:0111" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0060", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0120", + "url": "https://access.redhat.com/errata/RHSA-2020:0120" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0123", + "url": "https://access.redhat.com/errata/RHSA-2020:0123" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0127", + "url": "https://access.redhat.com/errata/RHSA-2020:0127" + }, + { + "refsource": "UBUNTU", + "name": "USN-4241-1", + "url": "https://usn.ubuntu.com/4241-1/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4603", + "url": "https://www.debian.org/security/2020/dsa-4603" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4603-1] thunderbird security update", + "url": "https://seclists.org/bugtraq/2020/Jan/26" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0094", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17052.json b/2019/17xxx/CVE-2019-17052.json index aeb9d5b8dc2..80c24f7fa65 100644 --- a/2019/17xxx/CVE-2019-17052.json +++ b/2019/17xxx/CVE-2019-17052.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4186-2", "url": "https://usn.ubuntu.com/4186-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/17xxx/CVE-2019-17053.json b/2019/17xxx/CVE-2019-17053.json index 01dc4a64f66..c533263acb8 100644 --- a/2019/17xxx/CVE-2019-17053.json +++ b/2019/17xxx/CVE-2019-17053.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4186-2", "url": "https://usn.ubuntu.com/4186-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/17xxx/CVE-2019-17054.json b/2019/17xxx/CVE-2019-17054.json index 11e706f8d33..a22a40f6f43 100644 --- a/2019/17xxx/CVE-2019-17054.json +++ b/2019/17xxx/CVE-2019-17054.json @@ -101,6 +101,11 @@ "refsource": "UBUNTU", "name": "USN-4186-2", "url": "https://usn.ubuntu.com/4186-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/17xxx/CVE-2019-17055.json b/2019/17xxx/CVE-2019-17055.json index 39de85dbaa0..910f70d49ec 100644 --- a/2019/17xxx/CVE-2019-17055.json +++ b/2019/17xxx/CVE-2019-17055.json @@ -111,6 +111,11 @@ "refsource": "UBUNTU", "name": "USN-4186-2", "url": "https://usn.ubuntu.com/4186-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/17xxx/CVE-2019-17056.json b/2019/17xxx/CVE-2019-17056.json index 336f107e1c4..76d62da6a93 100644 --- a/2019/17xxx/CVE-2019-17056.json +++ b/2019/17xxx/CVE-2019-17056.json @@ -111,6 +111,11 @@ "refsource": "UBUNTU", "name": "USN-4186-2", "url": "https://usn.ubuntu.com/4186-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/17xxx/CVE-2019-17091.json b/2019/17xxx/CVE-2019-17091.json index 2665943ecc7..670d1f27fcb 100644 --- a/2019/17xxx/CVE-2019-17091.json +++ b/2019/17xxx/CVE-2019-17091.json @@ -106,6 +106,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17094.json b/2019/17xxx/CVE-2019-17094.json new file mode 100644 index 00000000000..f58b8ea83ca --- /dev/null +++ b/2019/17xxx/CVE-2019-17094.json @@ -0,0 +1,98 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-12-20T10:00:00.000Z", + "ID": "CVE-2019-17094", + "STATE": "PUBLIC", + "TITLE": "Stack-Based Overflow vulnerability in Belkin WeMo Insights Switch" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Belkin", + "product": { + "product_data": [ + { + "product_name": "Belkin WeMo Insight Switch", + "version": { + "version_data": [ + { + "version_value": "2.00.11396 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Bitdefender Labs" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://labs.bitdefender.com/2019/12/multiple-vulnerabilities-in-belkin-wemo-insight-switch/", + "url": "https://labs.bitdefender.com/2019/12/multiple-vulnerabilities-in-belkin-wemo-insight-switch/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update to the latest firmware version available." + } + ], + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17095.json b/2019/17xxx/CVE-2019-17095.json new file mode 100644 index 00000000000..a4bb4b58401 --- /dev/null +++ b/2019/17xxx/CVE-2019-17095.json @@ -0,0 +1,109 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-11-23T10:00:00.000Z", + "ID": "CVE-2019-17095", + "STATE": "PUBLIC", + "TITLE": "Bitdefender BOX 2 bootstrap download_image command injection vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitdefender BOX 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.47.42", + "version_value": "2.1.59-12" + }, + { + "version_affected": "<", + "version_name": "2.1.53.45", + "version_value": "2.1.59-12" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A command injection vulnerability has been discovered in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method `/api/download_image` unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands. In order to exploit the condition, an unauthenticated attacker should impersonate a infrastructure server to trigger this vulnerability." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.bitdefender.com/support/security-advisories/command-injection-vulnerability-in-bitdefender-box-v2-va-5706", + "url": "https://www.bitdefender.com/support/security-advisories/command-injection-vulnerability-in-bitdefender-box-v2-va-5706" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "An update that mitigates the issue has been delivered in:\nBitdefender Central Android App version 2.0.66.88\nBitdefender Central iOS App version 2.0.66" + } + ], + "source": { + "advisory": "VA-5706", + "defect": [ + "VA-5706" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17096.json b/2019/17xxx/CVE-2019-17096.json new file mode 100644 index 00000000000..1ad5a239d7f --- /dev/null +++ b/2019/17xxx/CVE-2019-17096.json @@ -0,0 +1,109 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-03-11T10:00:00.000Z", + "ID": "CVE-2019-17096", + "STATE": "PUBLIC", + "TITLE": "Bitdefender BOX 2 bootstrap get_image_size command injection vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitdefender BOX 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2.1.47.42", + "version_value": "2.1.59-12" + }, + { + "version_affected": "<", + "version_name": "2.1.53.45", + "version_value": "2.1.59-12" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Claudio Bozzato, Lilith Wyatt and Dave McDaniel of Cisco Talos." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A OS Command Injection vulnerability in the bootstrap stage of Bitdefender BOX 2 allows the manipulation of the `get_image_url()` function in special circumstances to inject a system command." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/", + "name": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-2-bootstrap-get_image_size-command-injection-vulnerability/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "An update that mitigates the issue has been delivered in:\nBitdefender Central Android App version 2.0.66.88\nBitdefender Central iOS App version 2.0.66" + } + ], + "source": { + "advisory": "VA-5706", + "defect": [ + "VA-5706" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17099.json b/2019/17xxx/CVE-2019-17099.json new file mode 100644 index 00000000000..5a1edd4cf13 --- /dev/null +++ b/2019/17xxx/CVE-2019-17099.json @@ -0,0 +1,102 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-12-18T10:00:00.000Z", + "ID": "CVE-2019-17099", + "STATE": "PUBLIC", + "TITLE": "Untrusted Search Path vulnerability in EPSecurityService.exe (VA-3500)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Bitdefender", + "product": { + "product_data": [ + { + "product_name": "EPSecurityService.exe", + "version": { + "version_data": [ + { + "version_value": "6.6.11.162 and prior" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Bugcrowd user khangkito" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Untrusted Search Path vulnerability in EPSecurityService.exe as used in Bitdefender Endpoint Security Tools versions prior to 6.6.11.163 allows an attacker to load an arbitrary DLL file from the search path. This issue affects: Bitdefender EPSecurityService.exe versions prior to 6.6.11.163." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426 Untrusted Search Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/", + "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-epsecurityservice-exe-va-3500/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Automatic update to version 6.6.11.163 mitigates the issue." + } + ], + "source": { + "advisory": "VA-3500", + "defect": [ + "VA-3500" + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17100.json b/2019/17xxx/CVE-2019-17100.json new file mode 100644 index 00000000000..ed062c31b17 --- /dev/null +++ b/2019/17xxx/CVE-2019-17100.json @@ -0,0 +1,97 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-12-19T10:00:00.000Z", + "ID": "CVE-2019-17100", + "STATE": "PUBLIC", + "TITLE": "Untrusted Search Path vulnerability in Bitdefender Total Security 2020 (VA-5895)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "bdserviceshost.exe", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "24.0.12.69" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-426 Untrusted Search Path" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/", + "name": "https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability-bitdefender-total-security-2020-va-5895/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Automatic update to Bitdefender Total Security version 24.0.12.69 mitigates the issue" + } + ], + "source": { + "advisory": "VA-5895", + "defect": [ + "VA-5895" + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17102.json b/2019/17xxx/CVE-2019-17102.json new file mode 100644 index 00000000000..d2a9c9b6608 --- /dev/null +++ b/2019/17xxx/CVE-2019-17102.json @@ -0,0 +1,103 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-12-30T10:00:00.000Z", + "ID": "CVE-2019-17102", + "STATE": "PUBLIC", + "TITLE": "Bitdefender BOX v2 bootstrap update_setup command execution vulnerability (VA-2226)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitdefender BOX 2", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "2.1.47.36" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Bugcrowd user Mongo" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable command execution vulnerability exists in the recovery partition of Bitdefender BOX 2, version 2.0.1.91. The API method `/api/update_setup` does not perform firmware signature checks atomically, leading to an exploitable race condition (TOCTTOU) that allows arbitrary execution of system commands. This issue affects: Bitdefender Bitdefender BOX 2 versions prior to 2.1.47.36." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-413: Improper Resource Locking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-v2-bootstrap-update_setup-command-execution-vulnerability-va-2226", + "name": "https://www.bitdefender.com/support/security-advisories/bitdefender-box-v2-bootstrap-update_setup-command-execution-vulnerability-va-2226" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Updating to firmware version 2.1.47.36 resolves this issue." + } + ], + "source": { + "advisory": "VA-2226", + "defect": [ + "VA-2226" + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17103.json b/2019/17xxx/CVE-2019-17103.json new file mode 100644 index 00000000000..48447c93f58 --- /dev/null +++ b/2019/17xxx/CVE-2019-17103.json @@ -0,0 +1,103 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-requests@bitdefender.com", + "DATE_PUBLIC": "2019-12-30T10:00:00.000Z", + "ID": "CVE-2019-17103", + "STATE": "PUBLIC", + "TITLE": "Get-task-allow entitlement via BDLDaemon on macOS" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitdefender AV for Mac", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "8.0.0" + } + ] + } + } + ] + }, + "vendor_name": "Bitdefender" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Bugcrowd user Bohops" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Incorrect Default Permissions vulnerability in the BDLDaemon component of Bitdefender AV for Mac allows an attacker to elevate permissions to read protected directories. This issue affects: Bitdefender AV for Mac versions prior to 8.0.0." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276 Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/", + "name": "https://www.bitdefender.com/support/security-advisories/get-task-allow-entitlement-via-bdldaemon-macos-va-3448/" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "Update Bitdefender AV for Mac to version 8.0.0 or higher." + } + ], + "source": { + "advisory": "VA-3448", + "defect": [ + "VA-3448" + ], + "discovery": "EXTERNAL" + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17125.json b/2019/17xxx/CVE-2019-17125.json new file mode 100644 index 00000000000..01361b845d9 --- /dev/null +++ b/2019/17xxx/CVE-2019-17125.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Reflected Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.solarwinds.com/SuccessCenter/s/orion-platform", + "refsource": "MISC", + "name": "https://support.solarwinds.com/SuccessCenter/s/orion-platform" + }, + { + "refsource": "CONFIRM", + "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1", + "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17127.json b/2019/17xxx/CVE-2019-17127.json new file mode 100644 index 00000000000..8a247c51403 --- /dev/null +++ b/2019/17xxx/CVE-2019-17127.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17127", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.solarwinds.com/SuccessCenter/s/orion-platform", + "refsource": "MISC", + "name": "https://support.solarwinds.com/SuccessCenter/s/orion-platform" + }, + { + "refsource": "CONFIRM", + "name": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1", + "url": "https://support.solarwinds.com/SuccessCenter/s/article/Orion-Platform-2019-4-Hotfix-3?ui-force-components-controllers-recordGlobalValueProvider.RecordGvp.getRecord=1&r=116&ui-knowledge-components-aura-actions.KnowledgeArticleVersionCreateDraftFromOnlineAction.createDraftFromOnlineArticle=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17133.json b/2019/17xxx/CVE-2019-17133.json index edd574200a6..2c521d7eb16 100644 --- a/2019/17xxx/CVE-2019-17133.json +++ b/2019/17xxx/CVE-2019-17133.json @@ -106,6 +106,16 @@ "refsource": "UBUNTU", "name": "USN-4226-1", "url": "https://usn.ubuntu.com/4226-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2019/17xxx/CVE-2019-17149.json b/2019/17xxx/CVE-2019-17149.json new file mode 100644 index 00000000000..ac112497e1f --- /dev/null +++ b/2019/17xxx/CVE-2019-17149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17149", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17150.json b/2019/17xxx/CVE-2019-17150.json new file mode 100644 index 00000000000..230006cbaf3 --- /dev/null +++ b/2019/17xxx/CVE-2019-17150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17150", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was accidentally assigned. Notes: All CVE users should ignore this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17180.json b/2019/17xxx/CVE-2019-17180.json index 6265b26b520..d30040976c0 100644 --- a/2019/17xxx/CVE-2019-17180.json +++ b/2019/17xxx/CVE-2019-17180.json @@ -71,6 +71,11 @@ "url": "https://store.steampowered.com/news/54236/", "refsource": "MISC", "name": "https://store.steampowered.com/news/54236/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/583184", + "url": "https://hackerone.com/reports/583184" } ] } diff --git a/2019/17xxx/CVE-2019-17190.json b/2019/17xxx/CVE-2019-17190.json new file mode 100644 index 00000000000..528171f25f2 --- /dev/null +++ b/2019/17xxx/CVE-2019-17190.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the elevated process cleans the ACL of the Update.ini file in %PROGRAMDATA%\\Avast Software\\Browser\\Update\\ and sets all privileges to group Everyone. Because any low-privileged user can create, delete, or modify the Update.ini file stored in this location, an attacker with low privileges can create a hard link named Update.ini in this folder, and make it point to a file writable by NT AUTHORITY\\SYSTEM. Once AvastBrowserUpdate.exe is triggered by the update check functionality, the DACL is set to a misconfigured value on the crafted Update.ini and, consequently, to the target file that was previously not writable by the low-privileged attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community", + "url": "https://www.avast.com/bug-bounty-credits/en/a-tribute-to-our-security-research-community" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17201.json b/2019/17xxx/CVE-2019-17201.json new file mode 100644 index 00000000000..b32418de377 --- /dev/null +++ b/2019/17xxx/CVE-2019-17201.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17201", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. When a user requests elevation using the AdminByRequest.exe interface, the interface communicates with the underlying service (Audckq32.exe) using a .NET named pipe. If the underlying service responds that a user is permitted access to the elevation feature, the client then reinitiates communication with the underlying service and requests elevation. This elevation request has no local checks in the service, and depends on client-side validation in the AdminByRequest.exe interface, i.e., it is a vulnerable exposed functionality in the service. By communicating directly with the underlying service, any user can request elevation and obtain Administrator privilege regardless of group policies or permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://improsec.com/en/responsible-disclosure", + "url": "https://improsec.com/en/responsible-disclosure" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17202.json b/2019/17xxx/CVE-2019-17202.json new file mode 100644 index 00000000000..5ef36983b34 --- /dev/null +++ b/2019/17xxx/CVE-2019-17202.json @@ -0,0 +1,76 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17202", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FastTrack Admin By Request 6.1.0.0 supports group policies that are supposed to allow only a select range of users to elevate to Administrator privilege at will. If a user does not have direct access to the elevation feature through group policies, they are prompted to enter a PIN code in a challenge-response manner upon attempting to elevate privileges. The challenge's response uses a simple algorithm that can be easily emulated via data (customer ID and device name) available to all users, and thus any user can elevate to Administrator privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://improsec.com/en/responsible-disclosure", + "url": "https://improsec.com/en/responsible-disclosure" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:H/I:H/PR:N/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17267.json b/2019/17xxx/CVE-2019-17267.json index 3193bde5b3f..ec98868381c 100644 --- a/2019/17xxx/CVE-2019-17267.json +++ b/2019/17xxx/CVE-2019-17267.json @@ -91,6 +91,36 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/17xxx/CVE-2019-17338.json b/2019/17xxx/CVE-2019-17338.json new file mode 100644 index 00000000000..635b7a89ba4 --- /dev/null +++ b/2019/17xxx/CVE-2019-17338.json @@ -0,0 +1,95 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@tibco.com", + "DATE_PUBLIC": "2020-01-28T17:00:00Z", + "ID": "CVE-2019-17338", + "STATE": "PUBLIC", + "TITLE": "TIBCO Patterns - Search Exposes Cross Site Scripting Vulnerabilities" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIBCO Patterns - Search", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "5.4.0" + } + ] + } + } + ] + }, + "vendor_name": "TIBCO Software Inc." + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The user interface component of TIBCO Software Inc.'s TIBCO Patterns - Search contains multiple vulnerabilities that theoretically allow authenticated users to perform persistent cross-site scripting (XSS) attacks.\n\nAffected releases are TIBCO Software Inc.'s TIBCO Patterns - Search: versions 5.4.0 and below.\n" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "The impact of these vulnerabilities includes the theoretical possibility that an attacker could gain all privileges available via the affected component." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns", + "refsource": "CONFIRM", + "url": "https://www.tibco.com/support/advisories/2020/01/tibco-security-advisory-january-28-2020-tibco-patterns" + }, + { + "name": "http://www.tibco.com/services/support/advisories", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Patterns - Search versions 5.4.0 and below update to version 5.5.0 or higher" + } + ], + "source": { + "discovery": "INTERNAL" + } +} diff --git a/2019/17xxx/CVE-2019-17340.json b/2019/17xxx/CVE-2019-17340.json index d2fd6c97a67..a2dd6af1469 100644 --- a/2019/17xxx/CVE-2019-17340.json +++ b/2019/17xxx/CVE-2019-17340.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 284 v3 (CVE-2019-17340) - grant table transfer issues on large hosts", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/1" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17341.json b/2019/17xxx/CVE-2019-17341.json index 755c87dad82..f501960004a 100644 --- a/2019/17xxx/CVE-2019-17341.json +++ b/2019/17xxx/CVE-2019-17341.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 285 v3 (CVE-2019-17341) - race with pass-through device hotplug", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/6" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17342.json b/2019/17xxx/CVE-2019-17342.json index 6b7096dab9e..7cf8a744c27 100644 --- a/2019/17xxx/CVE-2019-17342.json +++ b/2019/17xxx/CVE-2019-17342.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 287 v3 (CVE-2019-17342) - x86: steal_page violates page_struct access discipline", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/2" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17343.json b/2019/17xxx/CVE-2019-17343.json index fe726e08cfd..e884fe73661 100644 --- a/2019/17xxx/CVE-2019-17343.json +++ b/2019/17xxx/CVE-2019-17343.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 288 v3 (CVE-2019-17343) - x86: Inconsistent PV IOMMU discipline", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/10" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17344.json b/2019/17xxx/CVE-2019-17344.json index 55b2c503218..0085e9d2465 100644 --- a/2019/17xxx/CVE-2019-17344.json +++ b/2019/17xxx/CVE-2019-17344.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 290 v3 (CVE-2019-17344) - missing preemption in x86 PV page table unvalidation", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/3" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17345.json b/2019/17xxx/CVE-2019-17345.json index 754d43c413c..262fb736cb3 100644 --- a/2019/17xxx/CVE-2019-17345.json +++ b/2019/17xxx/CVE-2019-17345.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 291 v3 (CVE-2019-17345) - x86/PV: page type reference counting issue with failed IOMMU update", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/4" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17346.json b/2019/17xxx/CVE-2019-17346.json index 06f29539e2f..458af3118d9 100644 --- a/2019/17xxx/CVE-2019-17346.json +++ b/2019/17xxx/CVE-2019-17346.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 292 v3 (CVE-2019-17346) - x86: insufficient TLB flushing when using PCID", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/5" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17347.json b/2019/17xxx/CVE-2019-17347.json index f65dc8b9633..5139e88b1f0 100644 --- a/2019/17xxx/CVE-2019-17347.json +++ b/2019/17xxx/CVE-2019-17347.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 293 v4 (CVE-2019-17347) - x86: PV kernel context switch corruption", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/8" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17348.json b/2019/17xxx/CVE-2019-17348.json index 7cab3c29b11..2812cf27ffa 100644 --- a/2019/17xxx/CVE-2019-17348.json +++ b/2019/17xxx/CVE-2019-17348.json @@ -66,6 +66,16 @@ "refsource": "MLIST", "name": "[oss-security] 20191025 Xen Security Advisory 294 v3 (CVE-2019-17348) - x86 shadow: Insufficient TLB flushing when using PCID", "url": "http://www.openwall.com/lists/oss-security/2019/10/25/7" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17349.json b/2019/17xxx/CVE-2019-17349.json index 55200ae8284..1df010a75c8 100644 --- a/2019/17xxx/CVE-2019-17349.json +++ b/2019/17xxx/CVE-2019-17349.json @@ -61,6 +61,16 @@ "url": "https://xenbits.xen.org/xsa/advisory-295.html", "refsource": "MISC", "name": "https://xenbits.xen.org/xsa/advisory-295.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17350.json b/2019/17xxx/CVE-2019-17350.json index e2daf6c3c00..9b8f40819dd 100644 --- a/2019/17xxx/CVE-2019-17350.json +++ b/2019/17xxx/CVE-2019-17350.json @@ -61,6 +61,16 @@ "url": "https://xenbits.xen.org/xsa/advisory-295.html", "refsource": "MISC", "name": "https://xenbits.xen.org/xsa/advisory-295.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/17xxx/CVE-2019-17357.json b/2019/17xxx/CVE-2019-17357.json new file mode 100644 index 00000000000..dccacae4604 --- /dev/null +++ b/2019/17xxx/CVE-2019-17357.json @@ -0,0 +1,85 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injection vulnerability affecting how template identifiers are handled when a string and id composite value are used to identify the template type and id. An authenticated attacker can exploit this to extract data from the database, or an unauthenticated remote attacker could exploit this via Cross-Site Request Forgery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.darkmatter.ae/xen1thlabs/", + "refsource": "MISC", + "name": "https://www.darkmatter.ae/xen1thlabs/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/Cacti/cacti/issues/3025", + "url": "https://github.com/Cacti/cacti/issues/3025" + }, + { + "refsource": "MISC", + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947374" + } + ] + }, + "impact": { + "cvss": { + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17358.json b/2019/17xxx/CVE-2019-17358.json index 9af991ec84e..52fc8565b84 100644 --- a/2019/17xxx/CVE-2019-17358.json +++ b/2019/17xxx/CVE-2019-17358.json @@ -86,6 +86,16 @@ "refsource": "MISC", "name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html", "url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4604-1] cacti security update", + "url": "https://seclists.org/bugtraq/2020/Jan/25" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4604", + "url": "https://www.debian.org/security/2020/dsa-4604" } ] }, diff --git a/2019/17xxx/CVE-2019-17359.json b/2019/17xxx/CVE-2019-17359.json index 0f1cf94ded0..9f1beeaa90f 100644 --- a/2019/17xxx/CVE-2019-17359.json +++ b/2019/17xxx/CVE-2019-17359.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191024-0006/", "url": "https://security.netapp.com/advisory/ntap-20191024-0006/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/17xxx/CVE-2019-17361.json b/2019/17xxx/CVE-2019-17361.json new file mode 100644 index 00000000000..08f1f5ab767 --- /dev/null +++ b/2019/17xxx/CVE-2019-17361.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh client enabled is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/saltstack/salt/commits/master", + "refsource": "MISC", + "name": "https://github.com/saltstack/salt/commits/master" + }, + { + "refsource": "CONFIRM", + "name": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix", + "url": "https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html#security-fix" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17531.json b/2019/17xxx/CVE-2019-17531.json index 53774035636..98a50cdc070 100644 --- a/2019/17xxx/CVE-2019-17531.json +++ b/2019/17xxx/CVE-2019-17531.json @@ -81,6 +81,36 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191210 [SECURITY] [DLA 2030-1] jackson-databind security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00013.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0164", + "url": "https://access.redhat.com/errata/RHSA-2020:0164" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0159", + "url": "https://access.redhat.com/errata/RHSA-2020:0159" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0160", + "url": "https://access.redhat.com/errata/RHSA-2020:0160" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0161", + "url": "https://access.redhat.com/errata/RHSA-2020:0161" } ] } diff --git a/2019/17xxx/CVE-2019-17546.json b/2019/17xxx/CVE-2019-17546.json index f1e5eb85a3e..04964716223 100644 --- a/2019/17xxx/CVE-2019-17546.json +++ b/2019/17xxx/CVE-2019-17546.json @@ -71,6 +71,16 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191126 [SECURITY] [DLA 2009-1] tiff security update", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00027.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200121 [SECURITY] [DSA 4608-1] tiff security update", + "url": "https://seclists.org/bugtraq/2020/Jan/32" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4608", + "url": "https://www.debian.org/security/2020/dsa-4608" } ] } diff --git a/2019/17xxx/CVE-2019-17558.json b/2019/17xxx/CVE-2019-17558.json index 77281c36d08..2ae3b40e833 100644 --- a/2019/17xxx/CVE-2019-17558.json +++ b/2019/17xxx/CVE-2019-17558.json @@ -83,6 +83,26 @@ "refsource": "MLIST", "name": "[lucene-issues] 20200108 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", "url": "https://lists.apache.org/thread.html/r58c58fe51c87bc30ee13bb8b4c83587f023edb349018705208e65b37@%3Cissues.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat closed pull request #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", + "url": "https://lists.apache.org/thread.html/r25f1bd4545617f5b86dde27b4c30fec73117af65598a30e20209739a@%3Cissues.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-issues] 20200113 [jira] [Commented] (SOLR-14025) CVE-2019-17558: Velocity response writer RCE vulnerability persists after 8.3.1", + "url": "https://lists.apache.org/thread.html/r12ab2cb15a34e49b4fecb5b2bdd7e10f3e8b7bf1f4f47fcde34d3a7c@%3Cissues.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] chatman commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", + "url": "https://lists.apache.org/thread.html/r99c3f7ec3a079e2abbd540ecdb55a0e2a0f349ca7084273a12e87aeb@%3Cissues.lucene.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[lucene-issues] 20200113 [GitHub] [lucene-solr] Sachpat commented on issue #1156: SOLR-13971: CVE-2019-17558: Velocity custom template RCE vulnerability", + "url": "https://lists.apache.org/thread.html/r0b7b9d4113e6ec1ae1d3d0898c645f758511107ea44f0f3a1210c5d5@%3Cissues.lucene.apache.org%3E" } ] }, diff --git a/2019/17xxx/CVE-2019-17563.json b/2019/17xxx/CVE-2019-17563.json index 72e833d91f1..cc1d4f3c2d6 100644 --- a/2019/17xxx/CVE-2019-17563.json +++ b/2019/17xxx/CVE-2019-17563.json @@ -69,6 +69,16 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200107-0001/", "url": "https://security.netapp.com/advisory/ntap-20200107-0001/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0038", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00013.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200127 [SECURITY] [DLA 2077-1] tomcat7 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00024.html" } ] }, diff --git a/2019/17xxx/CVE-2019-17570.json b/2019/17xxx/CVE-2019-17570.json new file mode 100644 index 00000000000..26770f02c34 --- /dev/null +++ b/2019/17xxx/CVE-2019-17570.json @@ -0,0 +1,72 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17570", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache XML-RPC", + "version": { + "version_data": [ + { + "version_value": "Apache XML-RPC all versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Deserialization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570;", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-17570;" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E", + "url": "https://lists.apache.org/thread.html/846551673bbb7ec8d691008215384bcef03a3fb004d2da845cfe88ee%401390230951%40%3Cdev.ws.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 RE: [CVE-2019-17570] xmlrpc-common untrusted deserialization", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/2" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target a XML-RPC client causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issue will not be fixed." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17571.json b/2019/17xxx/CVE-2019-17571.json index ef0f41998e3..f641e7534c5 100644 --- a/2019/17xxx/CVE-2019-17571.json +++ b/2019/17xxx/CVE-2019-17571.json @@ -158,6 +158,106 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200110-0001/", "url": "https://security.netapp.com/advisory/ntap-20200110-0001/" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200110 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200111 Re: [jira] [Commented] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200111 [jira] [Closed] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200111 [jira] [Resolved] (TIKA-3018) log4j 1.2 version used by Apache Tika 1.23 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200112 [SECURITY] [DLA 2065-1] apache-log4j1.2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00008.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0051", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00022.html" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200114 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[tika-dev] 20200115 [jira] [Commented] (TIKA-3019) [9.8] [CVE-2019-17571] [tika-app] [1.23]", + "url": "https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329", + "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200118 [GitHub] [zookeeper] asfgit closed pull request #1209: ZOOKEEPER-3677 owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/rc17d8491beee51607693019857e41e769795366b85be00aa2f4b3159@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200118 [jira] [Resolved] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/rd6254837403e8cbfc7018baa9be29705f3f06bd007c83708f9a97679@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Updated] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Assigned] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200122 [jira] [Resolved] (AMQ-7372) [9.8] [CVE-2019-17571] [activemq-all] [5.15.10]", + "url": "https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[activemq-issues] 20200127 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571", + "url": "https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3E" } ] }, diff --git a/2019/17xxx/CVE-2019-17573.json b/2019/17xxx/CVE-2019-17573.json new file mode 100644 index 00000000000..7cfbdd511ae --- /dev/null +++ b/2019/17xxx/CVE-2019-17573.json @@ -0,0 +1,67 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17573", + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "CXF", + "version": { + "version_data": [ + { + "version_value": "All versions of Apache CXF prior to 3.3.5 and 3.2.12." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2", + "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200116 [CVE-2019-17573] Apache CXF Reflected XSS in the services listing page", + "url": "https://lists.apache.org/thread.html/rf3b50583fefce2810cbd37c3d358cbcd9a03e750005950bf54546194@%3Cannounce.apache.org%3E" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject javascript into the web page. Please note that the attack exploits a feature which is not typically not present in modern browsers, who remove dot segments before sending the request. However, Mobile applications may be vulnerable." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17584.json b/2019/17xxx/CVE-2019-17584.json new file mode 100644 index 00000000000..0b3f0bd0e6a --- /dev/null +++ b/2019/17xxx/CVE-2019-17584.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Meinberg SyncBox/PTP/PTPv2 devices have default SSH keys which allow attackers to get root access to the devices. All firmware versions up to v5.34o, v5.34s, v5.32* or 5.34g are affected. The private key is also used in an internal interface of another Meinberg Device and can be extracted from a firmware update of this device. An update to fix the vulnerability was published by the vendor." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm", + "url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1904-syncbox-ptp-ptpv2.htm" + }, + { + "refsource": "MISC", + "name": "https://w1n73r.de/CVE/2019/17584/", + "url": "https://w1n73r.de/CVE/2019/17584/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17592.json b/2019/17xxx/CVE-2019-17592.json index 45d81ae8287..240aa389296 100644 --- a/2019/17xxx/CVE-2019-17592.json +++ b/2019/17xxx/CVE-2019-17592.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191127-0002/", "url": "https://security.netapp.com/advisory/ntap-20191127-0002/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-595ce5e3cc", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z36UKPO5F3PQ3Q2POMF5LEKXWAH5RUFP/" } ] } diff --git a/2019/17xxx/CVE-2019-17596.json b/2019/17xxx/CVE-2019-17596.json index 809b018adfe..47b6a1a54a6 100644 --- a/2019/17xxx/CVE-2019-17596.json +++ b/2019/17xxx/CVE-2019-17596.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191122-0005/", "url": "https://security.netapp.com/advisory/ntap-20191122-0005/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0101", + "url": "https://access.redhat.com/errata/RHSA-2020:0101" } ] } diff --git a/2019/17xxx/CVE-2019-17621.json b/2019/17xxx/CVE-2019-17621.json index ba5cdc63ca4..b1f7d8c1581 100644 --- a/2019/17xxx/CVE-2019-17621.json +++ b/2019/17xxx/CVE-2019-17621.json @@ -81,6 +81,11 @@ "refsource": "MISC", "name": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9", "url": "https://medium.com/@s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-es-fad716629ff9" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.html" } ] } diff --git a/2019/17xxx/CVE-2019-17626.json b/2019/17xxx/CVE-2019-17626.json index d755081bd0d..8002a799559 100644 --- a/2019/17xxx/CVE-2019-17626.json +++ b/2019/17xxx/CVE-2019-17626.json @@ -61,6 +61,21 @@ "url": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md", "refsource": "MISC", "name": "https://bitbucket.org/rptlab/reportlab/src/default/CHANGES.md" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0197", + "url": "https://access.redhat.com/errata/RHSA-2020:0197" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0195", + "url": "https://access.redhat.com/errata/RHSA-2020:0195" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-d2fb999600", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZZPHP2BJSTP4IYCSJRQINP763IHO6ASL/" } ] } diff --git a/2019/17xxx/CVE-2019-17632.json b/2019/17xxx/CVE-2019-17632.json index d79bede8329..ade50391956 100644 --- a/2019/17xxx/CVE-2019-17632.json +++ b/2019/17xxx/CVE-2019-17632.json @@ -36,7 +36,7 @@ "credit": [ { "lang": "eng", - "value": "This vulnerability was discovered by Jon Are RakvÃ¥g, Security architect, SpareBank 1 Utvikling and Erlend Leiknes, Security Consultant, mnemonic as" + "value": "This vulnerability was discovered by Jon Are Rakv\u00e5g, Security architect, SpareBank 1 Utvikling and Erlend Leiknes, Security Consultant, mnemonic as" } ], "data_format": "MITRE", @@ -68,6 +68,11 @@ "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4913d43d77", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SAITZ27GKPD2CCNHGT2VBT4VWIBUJJNS/" } ] } diff --git a/2019/17xxx/CVE-2019-17634.json b/2019/17xxx/CVE-2019-17634.json new file mode 100644 index 00000000000..5c00b6ee46c --- /dev/null +++ b/2019/17xxx/CVE-2019-17634.json @@ -0,0 +1,68 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2019-17634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "Eclipse Memory Analyzer", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 1.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Iassen Minov for reporting the issue." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could be specially crafted, or could come from a crafted application or from an application processing malicious data. The vulnerability is present whena report is generated and opened from the Memory Analyzer graphical user interface, or when a report generated in batch mode is then opened in Memory Analyzer or by a web browser. The vulnerability could possibly allow code execution on the local system whenthe report is opened in Memory Analyzer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=552542", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=552542" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17635.json b/2019/17xxx/CVE-2019-17635.json new file mode 100644 index 00000000000..61661f895ea --- /dev/null +++ b/2019/17xxx/CVE-2019-17635.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2019-17635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "The Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "Eclipse Memory Analyzer", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 1.9.2" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted index for the problem to occur. The problem can be averted if the index files from an untrusted source are deleted and the heap dump is opened and reparsed. Also some local configuration data is subject to a deserialization vulnerability if the local data were to be replaced with a malicious version. This can be averted if the local configuration data stored on the file system cannot be changed by an attacker. The vulnerability could possibly allow code execution on the local system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-502: Deserialization of Untrusted Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=558633", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=558633" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17650.json b/2019/17xxx/CVE-2019-17650.json index 87369687430..14253563f51 100644 --- a/2019/17xxx/CVE-2019-17650.json +++ b/2019/17xxx/CVE-2019-17650.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://fortiguard.com/advisory/FG-IR-19-210", "url": "https://fortiguard.com/advisory/FG-IR-19-210" + }, + { + "refsource": "MISC", + "name": "https://danishcyberdefence.dk/blog/forticlient_mac", + "url": "https://danishcyberdefence.dk/blog/forticlient_mac" } ] }, diff --git a/2019/17xxx/CVE-2019-17651.json b/2019/17xxx/CVE-2019-17651.json new file mode 100644 index 00000000000..d21335f175b --- /dev/null +++ b/2019/17xxx/CVE-2019-17651.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-17651", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Fortinet", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiSIEM", + "version": { + "version_data": [ + { + "version_value": "FortiSIEM version 5.2.5 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execute unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://fortiguard.com/psirt/FG-IR-19-197", + "url": "https://fortiguard.com/psirt/FG-IR-19-197" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Neutralization of Input vulnerability in the description and title parameters of a Device Maintenance Schedule in FortiSIEM version 5.2.5 and below may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious JavaScript code into the description field of a Device Maintenance schedule." + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17666.json b/2019/17xxx/CVE-2019-17666.json index c7651ad862e..8188644b1a7 100644 --- a/2019/17xxx/CVE-2019-17666.json +++ b/2019/17xxx/CVE-2019-17666.json @@ -111,6 +111,11 @@ "refsource": "UBUNTU", "name": "USN-4186-2", "url": "https://usn.ubuntu.com/4186-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/18xxx/CVE-2019-18194.json b/2019/18xxx/CVE-2019-18194.json new file mode 100644 index 00000000000..620be6ee9f2 --- /dev/null +++ b/2019/18xxx/CVE-2019-18194.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18194", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/", + "refsource": "MISC", + "name": "https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/" + }, + { + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=88qeaLq98Gc", + "url": "https://www.youtube.com/watch?v=88qeaLq98Gc" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18217.json b/2019/18xxx/CVE-2019-18217.json index 78cc040fc79..9e0cd5fdb91 100644 --- a/2019/18xxx/CVE-2019-18217.json +++ b/2019/18xxx/CVE-2019-18217.json @@ -106,6 +106,11 @@ "refsource": "DEBIAN", "name": "DSA-4559", "url": "https://www.debian.org/security/2019/dsa-4559" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/18xxx/CVE-2019-18218.json b/2019/18xxx/CVE-2019-18218.json index 7b6c8d6ca04..02d3c488d50 100644 --- a/2019/18xxx/CVE-2019-18218.json +++ b/2019/18xxx/CVE-2019-18218.json @@ -96,6 +96,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-18036b898e", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6BJVGXSCC6NMIAWX36FPWHEIFON3OSE/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200115-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200115-0001/" } ] } diff --git a/2019/18xxx/CVE-2019-18222.json b/2019/18xxx/CVE-2019-18222.json new file mode 100644 index 00000000000..77455fe0fc4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18222.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tls.mbed.org/tech-updates/security-advisories", + "refsource": "MISC", + "name": "https://tls.mbed.org/tech-updates/security-advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12", + "url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2019-12" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18244.json b/2019/18xxx/CVE-2019-18244.json new file mode 100644 index 00000000000..3041464c42f --- /dev/null +++ b/2019/18xxx/CVE-2019-18244.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18244", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Vision", + "version": { + "version_data": [ + { + "version_value": "PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INCLUSION OF SENSITIVE INFORMATION IN LOG FILES CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision 2019. The affected product records the service account password in the installation log files when a non-default service account and password are specified during installation or upgrade." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18271.json b/2019/18xxx/CVE-2019-18271.json new file mode 100644 index 00000000000..051e2f5b62f --- /dev/null +++ b/2019/18xxx/CVE-2019-18271.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18271", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Vision", + "version": { + "version_data": [ + { + "version_value": "All versions of PI Vision prior to 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CROSS-SITE REQUEST FORGERY (CSRF) CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to a cross-site request forgery that may be introduced on the PI Vision administration site." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18273.json b/2019/18xxx/CVE-2019-18273.json new file mode 100644 index 00000000000..dc82e5545c4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18273.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18273", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Vision", + "version": { + "version_data": [ + { + "version_value": "PI Vision 2017 R2 and PI Vision 2017 R2 SP1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The affected product is vulnerable to cross-site scripting, which may allow invalid input to be introduced." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18275.json b/2019/18xxx/CVE-2019-18275.json new file mode 100644 index 00000000000..edc8bf93a60 --- /dev/null +++ b/2019/18xxx/CVE-2019-18275.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18275", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "OSIsoft PI Vision", + "version": { + "version_data": [ + { + "version_value": "All versions of PI Vision prior to 2019" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER ACCESS CONTROL CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-06" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affected product is vulnerable to an improper access control, which may return unauthorized tag data when viewing analysis data reference attributes." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18282.json b/2019/18xxx/CVE-2019-18282.json new file mode 100644 index 00000000000..027cf57636c --- /dev/null +++ b/2019/18xxx/CVE-2019-18282.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrnd value remains the same starting from boot time, and can be inferred by an attacker. This affects net/core/flow_dissector.c and related code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10", + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55667441c84fa5e0911a0aac44fb059c15ba6da2" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18388.json b/2019/18xxx/CVE-2019-18388.json index 81fffab49c1..341fe6c0e64 100644 --- a/2019/18xxx/CVE-2019-18388.json +++ b/2019/18xxx/CVE-2019-18388.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765578" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18389.json b/2019/18xxx/CVE-2019-18389.json index abbeb037faf..50284dbc167 100644 --- a/2019/18xxx/CVE-2019-18389.json +++ b/2019/18xxx/CVE-2019-18389.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "Red Hat", "url": "https://access.redhat.com/security/cve/cve-2019-18389" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18390.json b/2019/18xxx/CVE-2019-18390.json index 971ff6cc29d..99ce0e188f9 100644 --- a/2019/18xxx/CVE-2019-18390.json +++ b/2019/18xxx/CVE-2019-18390.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765584" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18391.json b/2019/18xxx/CVE-2019-18391.json index 47d56e25864..b45bc581846 100644 --- a/2019/18xxx/CVE-2019-18391.json +++ b/2019/18xxx/CVE-2019-18391.json @@ -71,6 +71,11 @@ "refsource": "REDHAT", "name": "Red Hat", "url": "https://access.redhat.com/security/cve/cve-2019-18391" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0058", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00028.html" } ] } diff --git a/2019/18xxx/CVE-2019-18412.json b/2019/18xxx/CVE-2019-18412.json new file mode 100644 index 00000000000..b618d216c0e --- /dev/null +++ b/2019/18xxx/CVE-2019-18412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18412", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18420.json b/2019/18xxx/CVE-2019-18420.json index 6a0a170cafb..50464061f19 100644 --- a/2019/18xxx/CVE-2019-18420.json +++ b/2019/18xxx/CVE-2019-18420.json @@ -81,6 +81,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cbb732f760", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/18xxx/CVE-2019-18421.json b/2019/18xxx/CVE-2019-18421.json index 6e9e2c79653..50101e4c446 100644 --- a/2019/18xxx/CVE-2019-18421.json +++ b/2019/18xxx/CVE-2019-18421.json @@ -81,6 +81,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cbb732f760", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/18xxx/CVE-2019-18422.json b/2019/18xxx/CVE-2019-18422.json index e10e12794a9..f12671f42b7 100644 --- a/2019/18xxx/CVE-2019-18422.json +++ b/2019/18xxx/CVE-2019-18422.json @@ -76,6 +76,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cbb732f760", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/18xxx/CVE-2019-18423.json b/2019/18xxx/CVE-2019-18423.json index 5e608a5c1ec..c1100d28d21 100644 --- a/2019/18xxx/CVE-2019-18423.json +++ b/2019/18xxx/CVE-2019-18423.json @@ -76,6 +76,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cbb732f760", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/18xxx/CVE-2019-18424.json b/2019/18xxx/CVE-2019-18424.json index bc2f28b40a0..6650e2c0e60 100644 --- a/2019/18xxx/CVE-2019-18424.json +++ b/2019/18xxx/CVE-2019-18424.json @@ -81,6 +81,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cbb732f760", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/18xxx/CVE-2019-18425.json b/2019/18xxx/CVE-2019-18425.json index e6c1f0f67dc..54e5a7a19c4 100644 --- a/2019/18xxx/CVE-2019-18425.json +++ b/2019/18xxx/CVE-2019-18425.json @@ -81,6 +81,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-cbb732f760", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZYATWNUGHRBG6I3TC24YHP5Y3J7I6KH/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/18xxx/CVE-2019-18426.json b/2019/18xxx/CVE-2019-18426.json new file mode 100644 index 00000000000..614041dbb56 --- /dev/null +++ b/2019/18xxx/CVE-2019-18426.json @@ -0,0 +1,68 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve-assign@fb.com", + "DATE_ASSIGNED": "2020-01-21", + "ID": "CVE-2019-18426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Facebook", + "product": { + "product_data": [ + { + "product_name": "WhatsApp Desktop", + "version": { + "version_data": [ + { + "version_affected": "!=>", + "version_value": "0.3.9309" + }, + { + "version_affected": "<", + "version_value": "0.3.9309" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.facebook.com/security/advisories/cve-2019-18426", + "url": "https://www.facebook.com/security/advisories/cve-2019-18426" + } + ] + } +} diff --git a/2019/18xxx/CVE-2019-18466.json b/2019/18xxx/CVE-2019-18466.json index ae8c034adb6..a85dfda775a 100644 --- a/2019/18xxx/CVE-2019-18466.json +++ b/2019/18xxx/CVE-2019-18466.json @@ -71,6 +71,11 @@ "url": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0", "refsource": "MISC", "name": "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:4269", + "url": "https://access.redhat.com/errata/RHSA-2019:4269" } ] } diff --git a/2019/18xxx/CVE-2019-18583.json b/2019/18xxx/CVE-2019-18583.json new file mode 100644 index 00000000000..6799c4adccf --- /dev/null +++ b/2019/18xxx/CVE-2019-18583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18583", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18584.json b/2019/18xxx/CVE-2019-18584.json new file mode 100644 index 00000000000..22be8b61480 --- /dev/null +++ b/2019/18xxx/CVE-2019-18584.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18584", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18585.json b/2019/18xxx/CVE-2019-18585.json new file mode 100644 index 00000000000..5394b48462b --- /dev/null +++ b/2019/18xxx/CVE-2019-18585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18585", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18586.json b/2019/18xxx/CVE-2019-18586.json new file mode 100644 index 00000000000..d467ba53bf8 --- /dev/null +++ b/2019/18xxx/CVE-2019-18586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-18586", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18588.json b/2019/18xxx/CVE-2019-18588.json new file mode 100644 index 00000000000..e0b4f47d802 --- /dev/null +++ b/2019/18xxx/CVE-2019-18588.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "secure@dell.com", + "DATE_PUBLIC": "2019-12-12", + "ID": "CVE-2019-18588", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Unisphere for PowerMax", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "9.1.0.9 and 9.0.2.16" + } + ] + } + } + ] + }, + "vendor_name": "Dell" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerability to inject javascript code and affect other authenticated users' sessions." + } + ] + }, + "impact": { + "cvss": { + "baseScore": 9.0, + "baseSeverity": "Critical", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site", + "name": "https://www.dell.com/support/security/en-us/details/539808/DSA-2019-193-Dell-EMC-Unisphere-for-PowerMax-and-Dell-EMC-PowerMax-Embedded-Management-Cross-Site" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18622.json b/2019/18xxx/CVE-2019-18622.json index 03244635dc8..6568d5bef65 100644 --- a/2019/18xxx/CVE-2019-18622.json +++ b/2019/18xxx/CVE-2019-18622.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2599", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" } ] } diff --git a/2019/18xxx/CVE-2019-18660.json b/2019/18xxx/CVE-2019-18660.json index b3f3ef1550e..45cdbe6f29b 100644 --- a/2019/18xxx/CVE-2019-18660.json +++ b/2019/18xxx/CVE-2019-18660.json @@ -131,6 +131,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/18xxx/CVE-2019-18675.json b/2019/18xxx/CVE-2019-18675.json index 97c3e74b214..ae5bfe42661 100644 --- a/2019/18xxx/CVE-2019-18675.json +++ b/2019/18xxx/CVE-2019-18675.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "CONFIRM", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429" } ] } diff --git a/2019/18xxx/CVE-2019-18813.json b/2019/18xxx/CVE-2019-18813.json index eb9514f3b15..2e8f8e535d7 100644 --- a/2019/18xxx/CVE-2019-18813.json +++ b/2019/18xxx/CVE-2019-18813.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4225-1", "url": "https://usn.ubuntu.com/4225-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/18xxx/CVE-2019-18844.json b/2019/18xxx/CVE-2019-18844.json index b7b8a282f6d..75fea93083e 100644 --- a/2019/18xxx/CVE-2019-18844.json +++ b/2019/18xxx/CVE-2019-18844.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core." + "value": "The Device Model in ACRN before 2019w25.5-140000p relies on assert calls in devicemodel/hw/pci/core.c and devicemodel/include/pci_core.h (instead of other mechanisms for propagating error information or diagnostic information), which might allow attackers to cause a denial of service (assertion failure) within pci core. This is fixed in 1.2. 6199e653418e is a mitigation for pre-1.1 versions, whereas 2b3dedfb9ba1 is a mitigation for 1.1." } ] }, diff --git a/2019/18xxx/CVE-2019-18859.json b/2019/18xxx/CVE-2019-18859.json index 023d67b6fca..1f9be1edb44 100644 --- a/2019/18xxx/CVE-2019-18859.json +++ b/2019/18xxx/CVE-2019-18859.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://gist.github.com/RNPG/e0d25ad51aa5c288b9005900f88a4f03", "url": "https://gist.github.com/RNPG/e0d25ad51aa5c288b9005900f88a4f03" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155926/Digi-AnywhereUSB-14-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155926/Digi-AnywhereUSB-14-Cross-Site-Scripting.html" } ] } diff --git a/2019/18xxx/CVE-2019-18893.json b/2019/18xxx/CVE-2019-18893.json new file mode 100644 index 00000000000..eecb18085a4 --- /dev/null +++ b/2019/18xxx/CVE-2019-18893.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS in the Video Downloader component before 1.5 of Avast Secure Browser 77.1.1831.91 and AVG Secure Browser 77.0.1790.77 allows websites to execute their code in the context of this component. While Video Downloader is technically a browser extension, it is granted a very wide set of privileges and can for example access cookies and browsing history, spy on the user while they are surfing the web, and alter their surfing experience in almost arbitrary ways." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/", + "url": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18894.json b/2019/18xxx/CVE-2019-18894.json new file mode 100644 index 00000000000..f593407959d --- /dev/null +++ b/2019/18xxx/CVE-2019-18894.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Avast Premium Security 19.8.2393, attackers can send a specially crafted request to the local web server run by Avast Antivirus on port 27275 to support Bank Mode functionality. A flaw in the processing of a command allows execution of arbitrary OS commands with the privileges of the currently logged in user. This allows for example attackers who compromised a browser extension to escape from the browser sandbox." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/", + "url": "https://palant.de/2020/01/13/pwning-avast-secure-browser-for-fun-and-profit/" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18898.json b/2019/18xxx/CVE-2019-18898.json new file mode 100644 index 00000000000..1431d3851fd --- /dev/null +++ b/2019/18xxx/CVE-2019-18898.json @@ -0,0 +1,117 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-11-26T00:00:00.000Z", + "ID": "CVE-2019-18898", + "STATE": "PUBLIC", + "TITLE": "trousers: Local privilege escalation from tss to root" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 15 SP1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "trousers", + "version_value": "0.3.14-6.3.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "trousers", + "version_value": "0.3.14-7.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz from SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157651", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157651" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157651", + "defect": [ + "1157651" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18899.json b/2019/18xxx/CVE-2019-18899.json new file mode 100644 index 00000000000..a629799d79f --- /dev/null +++ b/2019/18xxx/CVE-2019-18899.json @@ -0,0 +1,98 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-20T00:00:00.000Z", + "ID": "CVE-2019-18899", + "STATE": "PUBLIC", + "TITLE": " apt-cacher-ng insecure use of /run/apt-cacher-ng" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "apt-cacher-ng", + "version_value": "3.1-lp151.3.3.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-250: Execution with Unnecessary Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157703", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157703" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157703", + "defect": [ + "1157703" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18900.json b/2019/18xxx/CVE-2019-18900.json new file mode 100644 index 00000000000..0cd32f9246a --- /dev/null +++ b/2019/18xxx/CVE-2019-18900.json @@ -0,0 +1,121 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", + "ID": "CVE-2019-18900", + "STATE": "PUBLIC", + "TITLE": "libzypp stores cookies world readable" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CaaS Platform 3.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "libzypp", + "version_value": "16.21.2-27.68.1" + } + ] + } + }, + { + "product_name": "SUSE Linux Enterprise Server 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "libzypp", + "version_value": "16.21.2-2.45.1" + } + ] + } + }, + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_name": "libzypp", + "version_value": "17.19.0-3.34.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Matthias Gerstner of SUSE" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": ": Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS Platform 3.0, SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allowed local attackers to read a cookie store used by libzypp, exposing private cookies. This issue affects: SUSE CaaS Platform 3.0 libzypp versions prior to 16.21.2-27.68.1. SUSE Linux Enterprise Server 12 libzypp versions prior to 16.21.2-2.45.1. SUSE Linux Enterprise Server 15 17.19.0-3.34.1." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1158763", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1158763" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1158763", + "defect": [ + "1158763" + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18932.json b/2019/18xxx/CVE-2019-18932.json new file mode 100644 index 00000000000..27f47bd378f --- /dev/null +++ b/2019/18xxx/CVE-2019-18932.json @@ -0,0 +1,92 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18932", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1150554", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1150554" + }, + { + "url": "https://sourceforge.net/projects/sarg/", + "refsource": "MISC", + "name": "https://sourceforge.net/projects/sarg/" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200120 CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/6" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/01/20/6", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/6" + }, + { + "refsource": "MLIST", + "name": "[oss-security] CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector", + "url": "https://seclists.org/oss-sec/2020/q1/23" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200127 Re: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector", + "url": "http://www.openwall.com/lists/oss-security/2020/01/27/1" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0117", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00051.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18935.json b/2019/18xxx/CVE-2019-18935.json index cb0e313b041..36145f63ee8 100644 --- a/2019/18xxx/CVE-2019-18935.json +++ b/2019/18xxx/CVE-2019-18935.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (In 2019.3.1023 but not earlier versions, a non-default setting can prevent exploitation.)" + "value": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)" } ] }, @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)", + "url": "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)" } ] } diff --git a/2019/19xxx/CVE-2019-19031.json b/2019/19xxx/CVE-2019-19031.json index 2e86aff4df5..c131663d88d 100644 --- a/2019/19xxx/CVE-2019-19031.json +++ b/2019/19xxx/CVE-2019-19031.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://hackpuntes.com/cve-2019-19031-easy-xml-editor-1-7-8-inyeccion-xml/", "url": "https://hackpuntes.com/cve-2019-19031-easy-xml-editor-1-7-8-inyeccion-xml/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155996/Easy-XML-Editor-1.7.8-XML-Injection.html", + "url": "http://packetstormsecurity.com/files/155996/Easy-XML-Editor-1.7.8-XML-Injection.html" } ] } diff --git a/2019/19xxx/CVE-2019-19045.json b/2019/19xxx/CVE-2019-19045.json index 03a309fef1d..ab7e9771cdf 100644 --- a/2019/19xxx/CVE-2019-19045.json +++ b/2019/19xxx/CVE-2019-19045.json @@ -86,6 +86,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19051.json b/2019/19xxx/CVE-2019-19051.json index bc4d4cca829..18eef3ffc6f 100644 --- a/2019/19xxx/CVE-2019-19051.json +++ b/2019/19xxx/CVE-2019-19051.json @@ -71,6 +71,16 @@ "refsource": "UBUNTU", "name": "USN-4225-1", "url": "https://usn.ubuntu.com/4225-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19052.json b/2019/19xxx/CVE-2019-19052.json index 7f12b2e780c..3c9afcd254a 100644 --- a/2019/19xxx/CVE-2019-19052.json +++ b/2019/19xxx/CVE-2019-19052.json @@ -101,6 +101,16 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19055.json b/2019/19xxx/CVE-2019-19055.json index 4e26d418135..cd39e9eac73 100644 --- a/2019/19xxx/CVE-2019-19055.json +++ b/2019/19xxx/CVE-2019-19055.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4225-1", "url": "https://usn.ubuntu.com/4225-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19056.json b/2019/19xxx/CVE-2019-19056.json index ebbedb015ed..4d4618235d6 100644 --- a/2019/19xxx/CVE-2019-19056.json +++ b/2019/19xxx/CVE-2019-19056.json @@ -76,6 +76,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2675", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19057.json b/2019/19xxx/CVE-2019-19057.json index 78a5234d779..55bfee4a1ce 100644 --- a/2019/19xxx/CVE-2019-19057.json +++ b/2019/19xxx/CVE-2019-19057.json @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19062.json b/2019/19xxx/CVE-2019-19062.json index 42e9ebb3e4b..3a62450758c 100644 --- a/2019/19xxx/CVE-2019-19062.json +++ b/2019/19xxx/CVE-2019-19062.json @@ -86,6 +86,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19066.json b/2019/19xxx/CVE-2019-19066.json index 3d240be536a..3a80a3b7c3d 100644 --- a/2019/19xxx/CVE-2019-19066.json +++ b/2019/19xxx/CVE-2019-19066.json @@ -71,6 +71,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191205-0001/", "url": "https://security.netapp.com/advisory/ntap-20191205-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19072.json b/2019/19xxx/CVE-2019-19072.json index 9dfe49fe8e8..33265d3b560 100644 --- a/2019/19xxx/CVE-2019-19072.json +++ b/2019/19xxx/CVE-2019-19072.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4225-1", "url": "https://usn.ubuntu.com/4225-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19126.json b/2019/19xxx/CVE-2019-19126.json index 8fde04650d7..377066117ab 100644 --- a/2019/19xxx/CVE-2019-19126.json +++ b/2019/19xxx/CVE-2019-19126.json @@ -56,6 +56,11 @@ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=25204", "refsource": "MISC", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=25204" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-1a3bdfde17", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZFJ5E7NWOL6ROE5QVICHKIOUGCPFJVUH/" } ] } diff --git a/2019/19xxx/CVE-2019-19142.json b/2019/19xxx/CVE-2019-19142.json index 22ce53abd60..bbe0261b7d8 100644 --- a/2019/19xxx/CVE-2019-19142.json +++ b/2019/19xxx/CVE-2019-19142.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19142", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19142", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fireshellsecurity.team/hack-n-routers/", + "refsource": "MISC", + "name": "https://fireshellsecurity.team/hack-n-routers/" } ] } diff --git a/2019/19xxx/CVE-2019-19143.json b/2019/19xxx/CVE-2019-19143.json index 94231f70f31..6ae640a2bbe 100644 --- a/2019/19xxx/CVE-2019-19143.json +++ b/2019/19xxx/CVE-2019-19143.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19143", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19143", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a POST request to the cgi/softup URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fireshellsecurity.team/hack-n-routers/", + "refsource": "MISC", + "name": "https://fireshellsecurity.team/hack-n-routers/" } ] } diff --git a/2019/19xxx/CVE-2019-19191.json b/2019/19xxx/CVE-2019-19191.json index 45364f5dd5f..bf4a821389a 100644 --- a/2019/19xxx/CVE-2019-19191.json +++ b/2019/19xxx/CVE-2019-19191.json @@ -61,6 +61,11 @@ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157471", "refsource": "MISC", "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157471" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0020", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00017.html" } ] } diff --git a/2019/19xxx/CVE-2019-19227.json b/2019/19xxx/CVE-2019-19227.json index 169d3cc68f2..78774620aef 100644 --- a/2019/19xxx/CVE-2019-19227.json +++ b/2019/19xxx/CVE-2019-19227.json @@ -81,6 +81,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19269.json b/2019/19xxx/CVE-2019-19269.json index cbc25b02352..cb7b2856316 100644 --- a/2019/19xxx/CVE-2019-19269.json +++ b/2019/19xxx/CVE-2019-19269.json @@ -71,6 +71,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-bfacf1e958", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/19xxx/CVE-2019-19270.json b/2019/19xxx/CVE-2019-19270.json index 827f3065ed5..19416281a8f 100644 --- a/2019/19xxx/CVE-2019-19270.json +++ b/2019/19xxx/CVE-2019-19270.json @@ -66,6 +66,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-bfacf1e958", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0031", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html" } ] } diff --git a/2019/19xxx/CVE-2019-19278.json b/2019/19xxx/CVE-2019-19278.json index 12bf87d3ef8..940581eec62 100644 --- a/2019/19xxx/CVE-2019-19278.json +++ b/2019/19xxx/CVE-2019-19278.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2019-19278", + "STATE": "PUBLIC" + }, "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2019-19278", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Siemens AG", + "product": { + "product_data": [ + { + "product_name": "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR32..-.....-....\n\n MLFB 6SR4...-.....-....\n\n MLFB 6SR5...-.....-....\n\n With option A30 (HMIs 12 inches or larger)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + }, + { + "product_name": "SINAMICS PERFECT HARMONY GH180 Drives\n\n MLFB 6SR325.-.....-.... (High Availability)", + "version": { + "version_data": [ + { + "version_value": "All versions" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure" + } + ] + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability has been identified in SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR32..-.....-.... MLFB 6SR4...-.....-.... MLFB 6SR5...-.....-.... With option A30 (HMIs 12 inches or larger) (All versions), SINAMICS PERFECT HARMONY GH180 Drives MLFB 6SR325.-.....-.... (High Availability) (All versions). The affected device contains a vulnerability that could allow an unauthenticated attacker to restore the affected device to a point where predefined application and operating system protection mechanisms are not in place. Successful exploitation requires physical access to the system, but no system privileges and no user interaction. An attacker could use the vulnerability to compromise confidentialiy, integrity and availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-242353.pdf" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-014-04", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-014-04" } ] } diff --git a/2019/19xxx/CVE-2019-19332.json b/2019/19xxx/CVE-2019-19332.json index 523e9990356..6f5343e2b2f 100644 --- a/2019/19xxx/CVE-2019-19332.json +++ b/2019/19xxx/CVE-2019-19332.json @@ -63,6 +63,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] }, diff --git a/2019/19xxx/CVE-2019-19339.json b/2019/19xxx/CVE-2019-19339.json index c118039fd9c..d1c9073d5b3 100644 --- a/2019/19xxx/CVE-2019-19339.json +++ b/2019/19xxx/CVE-2019-19339.json @@ -4,15 +4,69 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19339", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "kpatch:", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-805" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19339", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19339", + "refsource": "CONFIRM" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. The processor's Memory Management Unit (MMU) uses Paging structure entries to translate program's virtual memory addresses to physical memory addresses. The processor stores these address translations into its local cache buffer called - Translation Lookaside Buffer (TLB). TLB has two parts, one for instructions and other for data addresses. System software can modify its Paging structure entries to change address mappings OR certain attributes like page size etc. Upon such Paging structure alterations in memory, system software must invalidate the corresponding address translations in the processor's TLB cache. But before this TLB invalidation takes place, a privileged guest user may trigger an instruction fetch operation, which could use an already cached, but now invalid, virtual to physical address translation from Instruction TLB (ITLB). Thus accessing an invalid physical memory address and resulting in halting the processor due to the Machine Check Error (MCE) on Page Size Change." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19344.json b/2019/19xxx/CVE-2019-19344.json index f5138c74f0a..b3cc5d2aa21 100644 --- a/2019/19xxx/CVE-2019-19344.json +++ b/2019/19xxx/CVE-2019-19344.json @@ -4,15 +4,95 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19344", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "samba", + "version": { + "version_data": [ + { + "version_value": "all samba 4.11.x versions before 4.11.5" + }, + { + "version_value": "all samba 4.10.x versions before 4.10.12" + }, + { + "version_value": "all samba 4.9.x versions before 4.9.18" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19344", + "refsource": "CONFIRM" + }, + { + "url": "https://www.samba.org/samba/security/CVE-2019-19344.html", + "refsource": "MISC", + "name": "https://www.samba.org/samba/security/CVE-2019-19344.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.synology.com/security/advisory/Synology_SA_20_01", + "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" + }, + { + "refsource": "UBUNTU", + "name": "USN-4244-1", + "url": "https://usn.ubuntu.com/4244-1/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19363.json b/2019/19xxx/CVE-2019-19363.json index baca5a23acf..0307de6786b 100644 --- a/2019/19xxx/CVE-2019-19363.json +++ b/2019/19xxx/CVE-2019-19363.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19363", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19363", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Ricoh (including Savin and Lanier) Windows printer drivers prior to 2020 that allows attackers local privilege escalation. Affected drivers and versions are: PCL6 Driver for Universal Print - Version 4.0 or later PS Driver for Universal Print - Version 4.0 or later PC FAX Generic Driver - All versions Generic PCL5 Driver - All versions RPCS Driver - All versions PostScript3 Driver - All versions PCL6 (PCL XL) Driver - All versions RPCS Raster Driver - All version" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.ricoh.com/info/2020/0122_1/", + "url": "https://www.ricoh.com/info/2020/0122_1/" + }, + { + "refsource": "FULLDISC", + "name": "20200124 CVE-2019-19363 - Local Privilege Escalation in many Ricoh Printer Drivers for Windows", + "url": "http://seclists.org/fulldisclosure/2020/Jan/34" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156082/Ricoh-Printer-Driver-Local-Privilege-Escalation.html" } ] } diff --git a/2019/19xxx/CVE-2019-19392.json b/2019/19xxx/CVE-2019-19392.json index e5916bd35a9..d90e52382c9 100644 --- a/2019/19xxx/CVE-2019-19392.json +++ b/2019/19xxx/CVE-2019-19392.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19392", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19392", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly DotNetNuke) allows an unprivileged user to import (create) new users with Administrator privileges, as demonstrated by Roles=\"Administrators\" in XML or CSV data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fordnn/usersexportimport/commits/master", + "refsource": "MISC", + "name": "https://github.com/fordnn/usersexportimport/commits/master" + }, + { + "refsource": "MISC", + "name": "https://blog.joaoorvalho.com/description-cve-2019-19392/", + "url": "https://blog.joaoorvalho.com/description-cve-2019-19392/" } ] } diff --git a/2019/19xxx/CVE-2019-19411.json b/2019/19xxx/CVE-2019-19411.json index a870e0c767f..ba83d7a4361 100644 --- a/2019/19xxx/CVE-2019-19411.json +++ b/2019/19xxx/CVE-2019-19411.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19411", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "USG9500", + "version": { + "version_data": [ + { + "version_value": "V500R001C30SPC100,V500R001C30SPC200,V500R001C30SPC600,V500R001C60SPC500,V500R005C00SPC100,V500R005C00SPC200" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Leakage" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-firewall-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished." } ] } diff --git a/2019/19xxx/CVE-2019-19413.json b/2019/19xxx/CVE-2019-19413.json index e67abc64d9c..7acb1869a7c 100644 --- a/2019/19xxx/CVE-2019-19413.json +++ b/2019/19xxx/CVE-2019-19413.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60", + "version": { + "version_data": [ + { + "version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R003C00,V100R004C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V500R002C00SPC200,V600R006C00" + }, + { + "version_value": "V100R001C10,V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V100R001C10,V500R002C00,V600R006C00" + }, + { + "version_value": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Two Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash." } ] } diff --git a/2019/19xxx/CVE-2019-19414.json b/2019/19xxx/CVE-2019-19414.json index 2a205ead6a3..aa949c5014c 100644 --- a/2019/19xxx/CVE-2019-19414.json +++ b/2019/19xxx/CVE-2019-19414.json @@ -4,14 +4,91 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800;DBS3900 TDD LTE;DP300;RP200;TE30;TE40;TE50;TE60", + "version": { + "version_data": [ + { + "version_value": "V100R003C10,V100R005C00,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50SPC800" + }, + { + "version_value": "V100R005C00,V100R005C10,V100R006C00,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R005C00,V100R005C10,V200R001C00,V200R002C50" + }, + { + "version_value": "V100R003C00,V100R004C10" + }, + { + "version_value": "V500R002C00" + }, + { + "version_value": "V500R002C00SPC200,V600R006C00" + }, + { + "version_value": "V100R001C10,V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V600R006C00" + }, + { + "version_value": "V100R001C10,V500R002C00,V600R006C00" + }, + { + "version_value": "" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Two Integer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-ldap-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash." } ] } diff --git a/2019/19xxx/CVE-2019-19451.json b/2019/19xxx/CVE-2019-19451.json index 0ee66685a2c..8e67ca9fd39 100644 --- a/2019/19xxx/CVE-2019-19451.json +++ b/2019/19xxx/CVE-2019-19451.json @@ -56,6 +56,11 @@ "url": "https://gitlab.gnome.org/GNOME/dia/issues/428", "refsource": "MISC", "name": "https://gitlab.gnome.org/GNOME/dia/issues/428" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0021", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00019.html" } ] } diff --git a/2019/19xxx/CVE-2019-19470.json b/2019/19xxx/CVE-2019-19470.json index 99296880474..f05a3b93767 100644 --- a/2019/19xxx/CVE-2019-19470.json +++ b/2019/19xxx/CVE-2019-19470.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "An attacker who has already compromised the local system could use TinyWall Controller to gain additional privileges by attaching a debugger to the running process and modifying the code in memory. Vulnerability fixed in version 2.1.13." + "value": "Unsafe usage of .NET deserialization in Named Pipe message processing allows privilege escalation to NT AUTHORITY\\SYSTEM for a local attacker. Affected product is TinyWall, all versions up to and including 2.1.12. Fixed in version 2.1.13." } ] }, @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-62#post-2882843", "url": "https://www.wilderssecurity.com/threads/beta-testing-tinywall.309739/page-62#post-2882843" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/pylorak/7df52c9325614676e07782dbe4e81582", + "url": "https://gist.github.com/pylorak/7df52c9325614676e07782dbe4e81582" } ] } diff --git a/2019/19xxx/CVE-2019-19475.json b/2019/19xxx/CVE-2019-19475.json index 5fd01f45ada..30b0791d86e 100644 --- a/2019/19xxx/CVE-2019-19475.json +++ b/2019/19xxx/CVE-2019-19475.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19475", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19475", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in ManageEngine Applications Manager 14 with Build 14360. Integrated PostgreSQL which is built-in in Applications Manager is prone to attack due to lack of file permission security. The malicious users who are in \u201cAuthenticated Users\u201d group can exploit privilege escalation and modify PostgreSQL configuration to execute arbitrary command to escalate and gain full system privilege user access and rights over the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html", + "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-19475.html" } ] } diff --git a/2019/19xxx/CVE-2019-19479.json b/2019/19xxx/CVE-2019-19479.json index 3565baf0a99..05f68ce830c 100644 --- a/2019/19xxx/CVE-2019-19479.json +++ b/2019/19xxx/CVE-2019-19479.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/19xxx/CVE-2019-19480.json b/2019/19xxx/CVE-2019-19480.json index 88e5bad2a8c..972d399b553 100644 --- a/2019/19xxx/CVE-2019-19480.json +++ b/2019/19xxx/CVE-2019-19480.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/19xxx/CVE-2019-19481.json b/2019/19xxx/CVE-2019-19481.json index 17903ff9d2f..fa7f02f7fcd 100644 --- a/2019/19xxx/CVE-2019-19481.json +++ b/2019/19xxx/CVE-2019-19481.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191229 OpenSC 0.20.0 released", "url": "http://www.openwall.com/lists/oss-security/2019/12/29/1" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-3c93790abe", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDSQLMZZYBHO5X3BK7D6E7E6NZIMZDI5/" } ] } diff --git a/2019/19xxx/CVE-2019-19523.json b/2019/19xxx/CVE-2019-19523.json index 727ed028ff2..f6c689cd2c5 100644 --- a/2019/19xxx/CVE-2019-19523.json +++ b/2019/19xxx/CVE-2019-19523.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3", "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19524.json b/2019/19xxx/CVE-2019-19524.json index bceeab265ca..58fabba5160 100644 --- a/2019/19xxx/CVE-2019-19524.json +++ b/2019/19xxx/CVE-2019-19524.json @@ -111,6 +111,16 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", "url": "http://packetstormsecurity.com/files/155890/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19527.json b/2019/19xxx/CVE-2019-19527.json index c42cebd6c07..e146bc5f571 100644 --- a/2019/19xxx/CVE-2019-19527.json +++ b/2019/19xxx/CVE-2019-19527.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3", "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19529.json b/2019/19xxx/CVE-2019-19529.json index 6ca371aa039..99acb537882 100644 --- a/2019/19xxx/CVE-2019-19529.json +++ b/2019/19xxx/CVE-2019-19529.json @@ -91,6 +91,11 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19530.json b/2019/19xxx/CVE-2019-19530.json index 30c5402e426..93bd90d9db3 100644 --- a/2019/19xxx/CVE-2019-19530.json +++ b/2019/19xxx/CVE-2019-19530.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2675", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19531.json b/2019/19xxx/CVE-2019-19531.json index ca958738b28..7eba13e1355 100644 --- a/2019/19xxx/CVE-2019-19531.json +++ b/2019/19xxx/CVE-2019-19531.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2675", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19532.json b/2019/19xxx/CVE-2019-19532.json index bd756cbdedb..1008a7c2d49 100644 --- a/2019/19xxx/CVE-2019-19532.json +++ b/2019/19xxx/CVE-2019-19532.json @@ -71,6 +71,11 @@ "refsource": "UBUNTU", "name": "USN-4226-1", "url": "https://usn.ubuntu.com/4226-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19533.json b/2019/19xxx/CVE-2019-19533.json index f2928d5f37e..9b46eaa870b 100644 --- a/2019/19xxx/CVE-2019-19533.json +++ b/2019/19xxx/CVE-2019-19533.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3", "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19534.json b/2019/19xxx/CVE-2019-19534.json index 726027bef89..fd51f1e752f 100644 --- a/2019/19xxx/CVE-2019-19534.json +++ b/2019/19xxx/CVE-2019-19534.json @@ -101,6 +101,16 @@ "refsource": "UBUNTU", "name": "USN-4227-2", "url": "https://usn.ubuntu.com/4227-2/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4225-2", + "url": "https://usn.ubuntu.com/4225-2/" } ] } diff --git a/2019/19xxx/CVE-2019-19536.json b/2019/19xxx/CVE-2019-19536.json index 385b75e8a40..672623d1064 100644 --- a/2019/19xxx/CVE-2019-19536.json +++ b/2019/19xxx/CVE-2019-19536.json @@ -71,6 +71,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2675", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19537.json b/2019/19xxx/CVE-2019-19537.json index 56d5284d080..4984c595131 100644 --- a/2019/19xxx/CVE-2019-19537.json +++ b/2019/19xxx/CVE-2019-19537.json @@ -66,6 +66,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191203 Linux kernel: multiple vulnerabilities in the USB subsystem x3", "url": "http://www.openwall.com/lists/oss-security/2019/12/03/4" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19539.json b/2019/19xxx/CVE-2019-19539.json index de3961b94f9..f88ae886677 100644 --- a/2019/19xxx/CVE-2019-19539.json +++ b/2019/19xxx/CVE-2019-19539.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19539", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19539", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01ABP-L01ABZ, Web ViewPoint Plus H01AAG-H01AAQ and L01AAH-L01AAR, and Web ViewPoint Enterprise H01-H01AAE and L01-L01AAF. By reading ADB or AADB file content within the Installation subvolume, a Guardian user can discover the password of the group.user or alias who acknowledges events from the WVP Events screen." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03981en_us" } ] } diff --git a/2019/19xxx/CVE-2019-19547.json b/2019/19xxx/CVE-2019-19547.json index 62b2c89aad1..33677bf1ae5 100644 --- a/2019/19xxx/CVE-2019-19547.json +++ b/2019/19xxx/CVE-2019-19547.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Endpoint Detection and Response (SEDR)", + "version": { + "version_data": [ + { + "version_value": "Prior to 4.3.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1502.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1502.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy." } ] } diff --git a/2019/19xxx/CVE-2019-19548.json b/2019/19xxx/CVE-2019-19548.json index 308bdf7abff..9f7b97625e9 100644 --- a/2019/19xxx/CVE-2019-19548.json +++ b/2019/19xxx/CVE-2019-19548.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-19548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Norton Power Eraser", + "version": { + "version_data": [ + { + "version_value": "Prior to 5.3.0.67" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/us/en/article.SYMSA1503.html", + "url": "https://support.symantec.com/us/en/article.SYMSA1503.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user." } ] } diff --git a/2019/19xxx/CVE-2019-19555.json b/2019/19xxx/CVE-2019-19555.json index 7909160dabf..f2c16cb708f 100644 --- a/2019/19xxx/CVE-2019-19555.json +++ b/2019/19xxx/CVE-2019-19555.json @@ -56,6 +56,11 @@ "url": "https://sourceforge.net/p/mcj/tickets/55/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/55/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200121 [SECURITY] [DLA 2073-1] transfig security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00018.html" } ] } diff --git a/2019/19xxx/CVE-2019-19577.json b/2019/19xxx/CVE-2019-19577.json index 93044340c20..5431f7f2151 100644 --- a/2019/19xxx/CVE-2019-19577.json +++ b/2019/19xxx/CVE-2019-19577.json @@ -66,6 +66,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/19xxx/CVE-2019-19578.json b/2019/19xxx/CVE-2019-19578.json index 96a590b654b..1e73bc4f879 100644 --- a/2019/19xxx/CVE-2019-19578.json +++ b/2019/19xxx/CVE-2019-19578.json @@ -66,6 +66,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/19xxx/CVE-2019-19579.json b/2019/19xxx/CVE-2019-19579.json index befc6dd25f4..491789d0e3d 100644 --- a/2019/19xxx/CVE-2019-19579.json +++ b/2019/19xxx/CVE-2019-19579.json @@ -76,6 +76,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-3d7105bd2a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJYT5FNGM7JSVHHW6B22TSAATBOAPFPD/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/19xxx/CVE-2019-19580.json b/2019/19xxx/CVE-2019-19580.json index ead195da3e3..727cc28cf18 100644 --- a/2019/19xxx/CVE-2019-19580.json +++ b/2019/19xxx/CVE-2019-19580.json @@ -66,6 +66,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/19xxx/CVE-2019-19581.json b/2019/19xxx/CVE-2019-19581.json index 87c666abdaa..59ed50b74e1 100644 --- a/2019/19xxx/CVE-2019-19581.json +++ b/2019/19xxx/CVE-2019-19581.json @@ -66,6 +66,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/19xxx/CVE-2019-19582.json b/2019/19xxx/CVE-2019-19582.json index 309854c99e1..f1938af0f08 100644 --- a/2019/19xxx/CVE-2019-19582.json +++ b/2019/19xxx/CVE-2019-19582.json @@ -66,6 +66,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/19xxx/CVE-2019-19583.json b/2019/19xxx/CVE-2019-19583.json index ebf9e9cf229..fec7d0c72d1 100644 --- a/2019/19xxx/CVE-2019-19583.json +++ b/2019/19xxx/CVE-2019-19583.json @@ -66,6 +66,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-2e12bd3a9a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0011", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4602", + "url": "https://www.debian.org/security/2020/dsa-4602" + }, + { + "refsource": "BUGTRAQ", + "name": "20200114 [SECURITY] [DSA 4602-1] xen security update", + "url": "https://seclists.org/bugtraq/2020/Jan/21" } ] } diff --git a/2019/19xxx/CVE-2019-19592.json b/2019/19xxx/CVE-2019-19592.json index f83293a7498..cb5243b9af3 100644 --- a/2019/19xxx/CVE-2019-19592.json +++ b/2019/19xxx/CVE-2019-19592.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19592", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19592", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jama Connect 8.44.0 is vulnerable to stored Cross-Site Scripting" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sumukh30.blogspot.com/2020/01/normal-0-false-false-false-en-us-x-none.html?m=1", + "url": "https://sumukh30.blogspot.com/2020/01/normal-0-false-false-false-en-us-x-none.html?m=1" } ] } diff --git a/2019/19xxx/CVE-2019-19631.json b/2019/19xxx/CVE-2019-19631.json index 195a1382693..f90079373bf 100644 --- a/2019/19xxx/CVE-2019-19631.json +++ b/2019/19xxx/CVE-2019-19631.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19631", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19631", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. A read-only user can access sensitive information via an API endpoint that reveals session cookies of authenticated administrators, leading to privilege escalation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/big-monitoring-fabric", + "url": "https://know.bishopfox.com/advisories/big-monitoring-fabric" } ] } diff --git a/2019/19xxx/CVE-2019-19632.json b/2019/19xxx/CVE-2019-19632.json index d02a9831f6a..c0be70cb84a 100644 --- a/2019/19xxx/CVE-2019-19632.json +++ b/2019/19xxx/CVE-2019-19632.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19632", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19632", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Big Switch Big Monitoring Fabric 6.2 through 6.2.4, 6.3 through 6.3.9, 7.0 through 7.0.3, and 7.1 through 7.1.3; Big Cloud Fabric 4.5 through 4.5.5, 4.7 through 4.7.7, 5.0 through 5.0.1, and 5.1 through 5.1.4; and Multi-Cloud Director through 1.1.0. An unauthenticated attacker may inject stored arbitrary JavaScript (XSS), and execute it in the content of authenticated administrators." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://know.bishopfox.com/advisories", + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories" + }, + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/big-monitoring-fabric", + "url": "https://know.bishopfox.com/advisories/big-monitoring-fabric" } ] } diff --git a/2019/19xxx/CVE-2019-19680.json b/2019/19xxx/CVE-2019-19680.json index 3d60d64ff6d..4f6171c22dd 100644 --- a/2019/19xxx/CVE-2019-19680.json +++ b/2019/19xxx/CVE-2019-19680.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19680", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19680", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A file-extension filtering vulnerability in Proofpoint Enterprise Protection (PPS / PoD), in the unpatched versions of PPS through 8.9.22 and 8.14.2 respectively, allows attackers to bypass protection mechanisms (related to extensions, MIME types, virus detection, and journal entries for transmitted files) by sending malformed (not RFC compliant) multipart email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.proofpoint.com/us/security/cve-2019-19680", + "url": "https://www.proofpoint.com/us/security/cve-2019-19680" } ] } diff --git a/2019/19xxx/CVE-2019-19681.json b/2019/19xxx/CVE-2019-19681.json index 58aa60b8694..74be40b5f5c 100644 --- a/2019/19xxx/CVE-2019-19681.json +++ b/2019/19xxx/CVE-2019-19681.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator." + "value": "** DISPUTED ** Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who can modify the alert system, it is possible to define and execute commands as root/Administrator. NOTE: The product vendor states that the vulnerability as it is described is not in fact an actual vulnerability. They state that to be able to create alert commands, you need to have admin rights. They also state that the extended ACL system can disable access to specific sections of the configuration, such as defining new alert commands." } ] }, @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://medium.com/@k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-7-x-8ce55d4b1d5a", "url": "https://medium.com/@k4m1ll0/remote-code-execution-vulnerability-in-pandorafms-7-x-8ce55d4b1d5a" + }, + { + "refsource": "MISC", + "name": "https://pandorafms.com/blog/pandora-fms-vulnerability/", + "url": "https://pandorafms.com/blog/pandora-fms-vulnerability/" } ] } diff --git a/2019/19xxx/CVE-2019-19696.json b/2019/19xxx/CVE-2019-19696.json index a85ff4c3856..16111ea2911 100644 --- a/2019/19xxx/CVE-2019-19696.json +++ b/2019/19xxx/CVE-2019-19696.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", "ID": "CVE-2019-19696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Password Manager", + "version": { + "version_data": [ + { + "version_value": "5.0.0.1076 and below (Windows) and 5.0.1047 and below (Mac)" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishing sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RootCA Access" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124092.aspx" + }, + { + "url": "https://jvn.jp/en/jp/JVN37183636/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/en/jp/JVN37183636/index.html" + }, + { + "url": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/support/pwm/solution/ja-jp/1124091.aspx" + }, + { + "url": "https://jvn.jp/jp/JVN37183636/index.html", + "refsource": "MISC", + "name": "https://jvn.jp/jp/JVN37183636/index.html" } ] } diff --git a/2019/19xxx/CVE-2019-19697.json b/2019/19xxx/CVE-2019-19697.json index ed92470ee72..a050658c309 100644 --- a/2019/19xxx/CVE-2019-19697.json +++ b/2019/19xxx/CVE-2019-19697.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", "ID": "CVE-2019-19697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Security (Consumer)", + "version": { + "version_data": [ + { + "version_value": "2019 (v15) " + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx" + }, + { + "url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt", + "refsource": "MISC", + "name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 Trend Micro Security 2019 (Consumer) Multiple Products Security Bypass Protected Service Tampering CVE-2019-19697", + "url": "https://seclists.org/bugtraq/2020/Jan/29" } ] } diff --git a/2019/19xxx/CVE-2019-19722.json b/2019/19xxx/CVE-2019-19722.json index 846774ea630..1ee18ed7d01 100644 --- a/2019/19xxx/CVE-2019-19722.json +++ b/2019/19xxx/CVE-2019-19722.json @@ -76,6 +76,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-5898f4f935", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OZCJ3RBA4WIYGN7SOV4TW2AIHXPZATK/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2019-72e5ac943a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PPB7PG5BM3MC5ZF2KHQ3UR7CZIO42BB/" } ] } diff --git a/2019/19xxx/CVE-2019-19724.json b/2019/19xxx/CVE-2019-19724.json index bd34cf4c3bf..d0ebdb1e9a0 100644 --- a/2019/19xxx/CVE-2019-19724.json +++ b/2019/19xxx/CVE-2019-19724.json @@ -56,6 +56,11 @@ "refsource": "CONFIRM", "name": "https://github.com/sylabs/singularity/releases/tag/v3.5.2", "url": "https://github.com/sylabs/singularity/releases/tag/v3.5.2" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0057", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html" } ] } diff --git a/2019/19xxx/CVE-2019-19725.json b/2019/19xxx/CVE-2019-19725.json index bfd0df95a4b..34117ddc5af 100644 --- a/2019/19xxx/CVE-2019-19725.json +++ b/2019/19xxx/CVE-2019-19725.json @@ -56,6 +56,11 @@ "url": "https://github.com/sysstat/sysstat/issues/242", "refsource": "MISC", "name": "https://github.com/sysstat/sysstat/issues/242" + }, + { + "refsource": "UBUNTU", + "name": "USN-4242-1", + "url": "https://usn.ubuntu.com/4242-1/" } ] } diff --git a/2019/19xxx/CVE-2019-19727.json b/2019/19xxx/CVE-2019-19727.json index eff15e20db3..5e79cd65faa 100644 --- a/2019/19xxx/CVE-2019-19727.json +++ b/2019/19xxx/CVE-2019-19727.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19727", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19727", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd.conf permissions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/", + "refsource": "MISC", + "name": "https://lists.schedmd.com/pipermail/slurm-announce/" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1155784", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1155784" + }, + { + "refsource": "CONFIRM", + "name": "https://www.schedmd.com/news.php", + "url": "https://www.schedmd.com/news.php" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0085", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html" } ] } diff --git a/2019/19xxx/CVE-2019-19728.json b/2019/19xxx/CVE-2019-19728.json index 08f102f2888..3f2a4e3be6d 100644 --- a/2019/19xxx/CVE-2019-19728.json +++ b/2019/19xxx/CVE-2019-19728.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19728", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19728", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --uid with incorrect privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lists.schedmd.com/pipermail/slurm-announce/", + "refsource": "MISC", + "name": "https://lists.schedmd.com/pipermail/slurm-announce/" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1159692", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1159692" + }, + { + "refsource": "CONFIRM", + "name": "https://www.schedmd.com/news.php", + "url": "https://www.schedmd.com/news.php" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0085", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00038.html" } ] } diff --git a/2019/19xxx/CVE-2019-19740.json b/2019/19xxx/CVE-2019-19740.json index c97e5936144..4a32f0fc295 100644 --- a/2019/19xxx/CVE-2019-19740.json +++ b/2019/19xxx/CVE-2019-19740.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Octeth Oempro 4.7 allows SQL injection. The parameter CampaignID in Campaign.Get is vulnerable." + "value": "Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignID in Campaign.Get is vulnerable." } ] }, @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://github.com/BrunoBulle/Oempro_4.7/blob/master/README.md", "url": "https://github.com/BrunoBulle/Oempro_4.7/blob/master/README.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156113/Octeth-Oempro-4.8-SQL-Injection.html", + "url": "http://packetstormsecurity.com/files/156113/Octeth-Oempro-4.8-SQL-Injection.html" } ] } diff --git a/2019/19xxx/CVE-2019-19746.json b/2019/19xxx/CVE-2019-19746.json index ebe22f123bb..cca12c3f03c 100644 --- a/2019/19xxx/CVE-2019-19746.json +++ b/2019/19xxx/CVE-2019-19746.json @@ -56,6 +56,16 @@ "url": "https://sourceforge.net/p/mcj/tickets/57/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/57/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6a2824178e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-5d0f0593ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/" } ] } diff --git a/2019/19xxx/CVE-2019-19767.json b/2019/19xxx/CVE-2019-19767.json index 2837195719d..a4e723eed0d 100644 --- a/2019/19xxx/CVE-2019-19767.json +++ b/2019/19xxx/CVE-2019-19767.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19781.json b/2019/19xxx/CVE-2019-19781.json index c808a0a75f8..0c6c6f87e15 100644 --- a/2019/19xxx/CVE-2019-19781.json +++ b/2019/19xxx/CVE-2019-19781.json @@ -66,6 +66,41 @@ "refsource": "MISC", "name": "https://twitter.com/bad_packets/status/1215431625766424576", "url": "https://twitter.com/bad_packets/status/1215431625766424576" + }, + { + "refsource": "MISC", + "name": "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/", + "url": "https://badpackets.net/over-25000-citrix-netscaler-endpoints-vulnerable-to-cve-2019-19781/" + }, + { + "refsource": "MISC", + "name": "https://forms.gle/eDf3DXZAv96oosfj6", + "url": "https://forms.gle/eDf3DXZAv96oosfj6" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155930/Citrix-Application-Delivery-Controller-Gateway-10.5-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html", + "url": "http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html", + "url": "http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html" } ] } diff --git a/2019/19xxx/CVE-2019-19797.json b/2019/19xxx/CVE-2019-19797.json index 09e041794d8..7e462f0d529 100644 --- a/2019/19xxx/CVE-2019-19797.json +++ b/2019/19xxx/CVE-2019-19797.json @@ -56,6 +56,16 @@ "url": "https://sourceforge.net/p/mcj/tickets/67/", "refsource": "MISC", "name": "https://sourceforge.net/p/mcj/tickets/67/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6a2824178e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ILJM2G6NM5MMBKTT5CH23TAI6DJGNW36/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-5d0f0593ae", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7XOY5NXUZ6JRBBPYA3CXWGRGQTSDVVG2/" } ] } diff --git a/2019/19xxx/CVE-2019-19801.json b/2019/19xxx/CVE-2019-19801.json index 18f22352771..4fa9a2f3270 100644 --- a/2019/19xxx/CVE-2019-19801.json +++ b/2019/19xxx/CVE-2019-19801.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19801", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19801", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Gallagher Command Centre Server versions of v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an unprivileged but authenticated user is able to perform a backup of the Command Centre databases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.gallagher.com/cve-2019-19801", + "url": "https://security.gallagher.com/cve-2019-19801" } ] } diff --git a/2019/19xxx/CVE-2019-19802.json b/2019/19xxx/CVE-2019-19802.json index 02a57fdc6de..28452f8096d 100644 --- a/2019/19xxx/CVE-2019-19802.json +++ b/2019/19xxx/CVE-2019-19802.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19802", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19802", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Gallagher Command Centre Server v8.10 prior to v8.10.1134(MR4), v8.00 prior to v8.00.1161(MR5), v7.90 prior to v7.90.991(MR5), v7.80 prior to v7.80.960(MR2) and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without privilege checks being applied." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://security.gallagher.com/cve-2019-19802", + "url": "https://security.gallagher.com/cve-2019-19802" } ] } diff --git a/2019/19xxx/CVE-2019-19817.json b/2019/19xxx/CVE-2019-19817.json index 92679abb759..c4b522fcdb1 100644 --- a/2019/19xxx/CVE-2019-19817.json +++ b/2019/19xxx/CVE-2019-19817.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19817", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19817", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x2e8a Out-of-Bounds Read via crafted Unicode content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html", + "refsource": "MISC", + "name": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html" + }, + { + "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md", + "refsource": "MISC", + "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md" } ] } diff --git a/2019/19xxx/CVE-2019-19819.json b/2019/19xxx/CVE-2019-19819.json index 058d88bafa6..5fc8b53b33b 100644 --- a/2019/19xxx/CVE-2019-19819.json +++ b/2019/19xxx/CVE-2019-19819.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19819", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19819", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The JBIG2Globals library in npdf.dll in Nitro Free PDF Reader 12.0.0.112 has a CAPPDAnnotHandlerUtils::PDAnnotHandlerDestroyData2+0x90ec NULL Pointer Dereference via crafted Unicode content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html", + "refsource": "MISC", + "name": "https://nafiez.github.io/security/vulnerability/remote/2019/12/12/multiple-nitro-pdf-vulnerability.html" + }, + { + "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md", + "refsource": "MISC", + "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-12-multiple-nitro-pdf-vulnerability.md" } ] } diff --git a/2019/19xxx/CVE-2019-19820.json b/2019/19xxx/CVE-2019-19820.json index 36ec334dbee..18351048619 100644 --- a/2019/19xxx/CVE-2019-19820.json +++ b/2019/19xxx/CVE-2019-19820.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19820", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19820", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0.6.9 allows an attacker to achieve privilege escalation, denial-of-service, and code execution via usermode because 0x9C402405 using METHOD_NEITHER results in a read primitive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html", + "refsource": "MISC", + "name": "https://nafiez.github.io/security/vulnerability/2019/12/04/kyrol-internet-security-invalid-pointer-vulnerability.html" + }, + { + "url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md", + "refsource": "MISC", + "name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2019-12-04-kyrol-internet-security-invalid-pointer-vulnerability.md" } ] } diff --git a/2019/19xxx/CVE-2019-19822.json b/2019/19xxx/CVE-2019-19822.json index 5c459eadef2..fbc7bd81806 100644 --- a/2019/19xxx/CVE-2019-19822.json +++ b/2019/19xxx/CVE-2019-19822.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19822", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19822", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13", + "refsource": "MISC", + "name": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13" + }, + { + "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz", + "refsource": "MISC", + "name": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz" + }, + { + "url": "https://sploit.tech", + "refsource": "MISC", + "name": "https://sploit.tech" + }, + { + "refsource": "FULLDISC", + "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", + "url": "http://seclists.org/fulldisclosure/2020/Jan/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19823.json b/2019/19xxx/CVE-2019-19823.json index deafa97ad87..1442389daf4 100644 --- a/2019/19xxx/CVE-2019-19823.json +++ b/2019/19xxx/CVE-2019-19823.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19823", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19823", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13", + "refsource": "MISC", + "name": "https://github.com/Saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#L13" + }, + { + "url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz", + "refsource": "MISC", + "name": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz" + }, + { + "url": "https://sploit.tech", + "refsource": "MISC", + "name": "https://sploit.tech" + }, + { + "refsource": "FULLDISC", + "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", + "url": "http://seclists.org/fulldisclosure/2020/Jan/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19824.json b/2019/19xxx/CVE-2019-19824.json index 1597f287525..63c555179d0 100644 --- a/2019/19xxx/CVE-2019-19824.json +++ b/2019/19xxx/CVE-2019-19824.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19824", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19824", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On certain TOTOLINK Realtek SDK based routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sploit.tech", + "refsource": "MISC", + "name": "https://sploit.tech" + }, + { + "refsource": "FULLDISC", + "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", + "url": "http://seclists.org/fulldisclosure/2020/Jan/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19825.json b/2019/19xxx/CVE-2019-19825.json index 18a763c4b20..cbd9d4a3cdf 100644 --- a/2019/19xxx/CVE-2019-19825.json +++ b/2019/19xxx/CVE-2019-19825.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19825", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19825", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via an {\"topicurl\":\"setting/getSanvas\"} POST to the boafrm/formLogin URI, leading to a CAPTCHA bypass. (Also, the CAPTCHA text is not needed once the attacker has determined valid credentials. The attacker can perform router actions via HTTP requests with Basic Authentication.) This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sploit.tech", + "refsource": "MISC", + "name": "https://sploit.tech" + }, + { + "refsource": "FULLDISC", + "name": "20200124 Multiple vulnerabilities in TOTOLINK and other Realtek SDK based routers", + "url": "http://seclists.org/fulldisclosure/2020/Jan/36" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156083/Realtek-SDK-Information-Disclosure-Code-Execution.html" } ] } diff --git a/2019/19xxx/CVE-2019-19833.json b/2019/19xxx/CVE-2019-19833.json index cb28b346e81..69abf5b7ff8 100644 --- a/2019/19xxx/CVE-2019-19833.json +++ b/2019/19xxx/CVE-2019-19833.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-Forgery.html", "url": "http://packetstormsecurity.com/files/155710/Tautulli-2.1.9-Cross-Site-Request-Forgery.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.html", + "url": "http://packetstormsecurity.com/files/155974/Tautulli-2.1.9-Denial-Of-Service.html" } ] } diff --git a/2019/19xxx/CVE-2019-19834.json b/2019/19xxx/CVE-2019-19834.json index bbe1690e1ae..20afd64b22c 100644 --- a/2019/19xxx/CVE-2019-19834.json +++ b/2019/19xxx/CVE-2019-19834.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19834", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19834", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote attacker to jailbreak the CLI via enable->debug->script->exec with ../../../bin/sh as the parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19835.json b/2019/19xxx/CVE-2019-19835.json index ff297c82d33..e75e3f33d77 100644 --- a/2019/19xxx/CVE-2019-19835.json +++ b/2019/19xxx/CVE-2019-19835.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19835", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19835", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19836.json b/2019/19xxx/CVE-2019-19836.json index 6774b62063f..947a03748e2 100644 --- a/2019/19xxx/CVE-2019-19836.json +++ b/2019/19xxx/CVE-2019-19836.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19836", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19836", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote code execution via a POST request that uses tools/_rcmdstat.jsp to write to a specified filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19837.json b/2019/19xxx/CVE-2019-19837.json index 2c23ce70772..494658875de 100644 --- a/2019/19xxx/CVE-2019-19837.json +++ b/2019/19xxx/CVE-2019-19837.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19837", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19837", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19838.json b/2019/19xxx/CVE-2019-19838.json index 29a28a9188e..27aa1c664b1 100644 --- a/2019/19xxx/CVE-2019-19838.json +++ b/2019/19xxx/CVE-2019-19838.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19838", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19838", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=get-platform-depends to admin/_cmdstat.jsp via the uploadFile attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19839.json b/2019/19xxx/CVE-2019-19839.json index 76aa0e4082d..cf3757e233a 100644 --- a/2019/19xxx/CVE-2019-19839.json +++ b/2019/19xxx/CVE-2019-19839.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19839", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19839", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=import-category to admin/_cmdstat.jsp via the uploadFile attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19840.json b/2019/19xxx/CVE-2019-19840.json index ad90ec177a0..1d55ce8e1b0 100644 --- a/2019/19xxx/CVE-2019-19840.json +++ b/2019/19xxx/CVE-2019-19840.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19840", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19840", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19841.json b/2019/19xxx/CVE-2019-19841.json index 82352a10e87..4c3138f8aa2 100644 --- a/2019/19xxx/CVE-2019-19841.json +++ b/2019/19xxx/CVE-2019-19841.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19841", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19841", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=packet-capture to admin/_cmdstat.jsp via the mac attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19842.json b/2019/19xxx/CVE-2019-19842.json index d447b41cccb..0ecdc0be38a 100644 --- a/2019/19xxx/CVE-2019-19842.json +++ b/2019/19xxx/CVE-2019-19842.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19842", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19842", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote attackers to execute OS commands via a POST request with the attribute xcmd=spectra-analysis to admin/_cmdstat.jsp via the mac attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19843.json b/2019/19xxx/CVE-2019-19843.json index 180c4c3e20a..c9ab96affd0 100644 --- a/2019/19xxx/CVE-2019-19843.json +++ b/2019/19xxx/CVE-2019-19843.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19843", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19843", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote credential fetch via an unauthenticated HTTP request involving a symlink with /tmp and web/user/wps_tool_cache." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html", + "refsource": "MISC", + "name": "https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/10816.html" + }, + { + "refsource": "MISC", + "name": "https://www.ruckuswireless.com/security/299/view/txt", + "url": "https://www.ruckuswireless.com/security/299/view/txt" + }, + { + "refsource": "MISC", + "name": "https://alephsecurity.com/2020/01/14/ruckus-wireless", + "url": "https://alephsecurity.com/2020/01/14/ruckus-wireless" } ] } diff --git a/2019/19xxx/CVE-2019-19844.json b/2019/19xxx/CVE-2019-19844.json index 06497c79b4e..7acefcf5256 100644 --- a/2019/19xxx/CVE-2019-19844.json +++ b/2019/19xxx/CVE-2019-19844.json @@ -91,6 +91,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200110-0003/", "url": "https://security.netapp.com/advisory/ntap-20200110-0003/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-adb4f0143a", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HCM2DPUI7TOZWN4A6JFQFUVQ2XGE7GUD/" } ] } diff --git a/2019/19xxx/CVE-2019-19854.json b/2019/19xxx/CVE-2019-19854.json index 67cdfe2d11f..4e73e759616 100644 --- a/2019/19xxx/CVE-2019-19854.json +++ b/2019/19xxx/CVE-2019-19854.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19854", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19854", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges from User level to Administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" } ] } diff --git a/2019/19xxx/CVE-2019-19855.json b/2019/19xxx/CVE-2019-19855.json index 0af738af336..a34045454f0 100644 --- a/2019/19xxx/CVE-2019-19855.json +++ b/2019/19xxx/CVE-2019-19855.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19855", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19855", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182", + "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182" } ] } diff --git a/2019/19xxx/CVE-2019-19856.json b/2019/19xxx/CVE-2019-19856.json index ca118ab9f2d..fe633d55218 100644 --- a/2019/19xxx/CVE-2019-19856.json +++ b/2019/19xxx/CVE-2019-19856.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19856", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19856", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182", + "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182" } ] } diff --git a/2019/19xxx/CVE-2019-19857.json b/2019/19xxx/CVE-2019-19857.json index 6b96ff704c4..5ae6c805f4f 100644 --- a/2019/19xxx/CVE-2019-19857.json +++ b/2019/19xxx/CVE-2019-19857.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19857", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19857", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Password screen does not enhance security. This is problematic in conjunction with XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" } ] } diff --git a/2019/19xxx/CVE-2019-19858.json b/2019/19xxx/CVE-2019-19858.json index 718d4460c71..92b26e6521e 100644 --- a/2019/19xxx/CVE-2019-19858.json +++ b/2019/19xxx/CVE-2019-19858.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19858", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19858", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://websec.nl/news.php", + "url": "https://websec.nl/news.php" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182", + "url": "https://github.com/SerpicoProject/Serpico/commit/270f05ca6e51c87bb0867abb0511b61bf2aae182" } ] } diff --git a/2019/19xxx/CVE-2019-19859.json b/2019/19xxx/CVE-2019-19859.json index 37484f548e5..4263d0b55f0 100644 --- a/2019/19xxx/CVE-2019-19859.json +++ b/2019/19xxx/CVE-2019-19859.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19859", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19859", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.websec.nl/news.php", + "url": "https://www.websec.nl/news.php" } ] } diff --git a/2019/19xxx/CVE-2019-19880.json b/2019/19xxx/CVE-2019-19880.json index 777ba7260f6..59da44dc070 100644 --- a/2019/19xxx/CVE-2019-19880.json +++ b/2019/19xxx/CVE-2019-19880.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54", "url": "https://github.com/sqlite/sqlite/commit/75e95e1fcd52d3ec8282edb75ac8cd0814095d54" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0001/" } ] } diff --git a/2019/19xxx/CVE-2019-19886.json b/2019/19xxx/CVE-2019-19886.json index e76a4f8a760..f9069559fa4 100644 --- a/2019/19xxx/CVE-2019-19886.json +++ b/2019/19xxx/CVE-2019-19886.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19886", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19886", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to send crafted requests that may, when sent quickly in large volumes, lead to the server becoming slow or unresponsive (Denial of Service) because of a flaw in Transaction::addRequestHeader in transaction.cc." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/", + "url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-denial-of-service-details-cve-2019-19886/" } ] } diff --git a/2019/19xxx/CVE-2019-19891.json b/2019/19xxx/CVE-2019-19891.json index 8991523f6c8..b9ee9f1e3d4 100644 --- a/2019/19xxx/CVE-2019-19891.json +++ b/2019/19xxx/CVE-2019-19891.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19891", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19891", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 and 8.1 could allow an attacker to launch a man-in-the-middle attack. A successful exploit may allow the attacker to intercept sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.mitel.com/support/security-advisories", + "refsource": "MISC", + "name": "https://www.mitel.com/support/security-advisories" + }, + { + "refsource": "CONFIRM", + "name": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0009", + "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-19-0009" } ] } diff --git a/2019/19xxx/CVE-2019-19893.json b/2019/19xxx/CVE-2019-19893.json index 1e7f524f35f..0e3261f7b74 100644 --- a/2019/19xxx/CVE-2019-19893.json +++ b/2019/19xxx/CVE-2019-19893.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19893", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19893", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Directory Traversal on TCP port 8000 via the Engine Service by an unauthenticated attacker, who can access the server's filesystem with the access rights of NT AUTHORITY\\SYSTEM." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19894.json b/2019/19xxx/CVE-2019-19894.json index bb4af8faf26..2ffdbafbca1 100644 --- a/2019/19xxx/CVE-2019-19894.json +++ b/2019/19xxx/CVE-2019-19894.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19894", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19894", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, it is possible to temporarily disable UAC by using the Agent Service on a client system. An authenticated attacker (non-admin) can disable UAC for other users by renaming and replacing %SYSTEMDRIVE%\\IXP\\DATA\\IXPAS.IXP." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:N/C:N/I:H/PR:L/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19895.json b/2019/19xxx/CVE-2019-19895.json index 14adf9b5bbc..2924e1c33f6 100644 --- a/2019/19xxx/CVE-2019-19895.json +++ b/2019/19xxx/CVE-2019-19895.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19895", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19895", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Lateral Movement (using the Agent Service) against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\\IXP\\SW\\[PACKAGE_CODE]\\EveryLogon.bat, achieve this movement and execute code in the context of other users." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:L/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19896.json b/2019/19xxx/CVE-2019-19896.json index 7c2e67275bc..2def7fa82d5 100644 --- a/2019/19xxx/CVE-2019-19896.json +++ b/2019/19xxx/CVE-2019-19896.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19896", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19896", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Remote Code Execution via weak permissions on the Engine Service share. The default file permissions of the IXP$ share on the server allows modification of directories and files (e.g., bat-scripts), which allows execution of code in the context of NT AUTHORITY\\SYSTEM on the target server and clients." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19897.json b/2019/19xxx/CVE-2019-19897.json index 58860f24309..86fd729b949 100644 --- a/2019/19xxx/CVE-2019-19897.json +++ b/2019/19xxx/CVE-2019-19897.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19897", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19897", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there is Remote Code Execution via the Agent Service. An unauthenticated attacker can communicate with the Agent Service over TCP port 20051, and execute code in the NT AUTHORITY\\SYSTEM context of the target system by using the Execute Command Line function." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:C/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19898.json b/2019/19xxx/CVE-2019-19898.json index 6db578eb743..0250ca61b02 100644 --- a/2019/19xxx/CVE-2019-19898.json +++ b/2019/19xxx/CVE-2019-19898.json @@ -1,18 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-19898", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-19898", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In IXP EasyInstall 6.2.13723, there are cleartext credentials in network communication on TCP port 20050 when using the Administrator console remotely." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software", + "url": "https://improsec.com/tech-blog/multiple-vulnerabilities-in-easyinstall-rmm-and-deployment-software" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:N/PR:N/S:U/UI:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19922.json b/2019/19xxx/CVE-2019-19922.json index 84e358f44f5..1622e47f9c2 100644 --- a/2019/19xxx/CVE-2019-19922.json +++ b/2019/19xxx/CVE-2019-19922.json @@ -81,6 +81,11 @@ "refsource": "UBUNTU", "name": "USN-4226-1", "url": "https://usn.ubuntu.com/4226-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19923.json b/2019/19xxx/CVE-2019-19923.json index bea4a80fe3f..0ca309d796c 100644 --- a/2019/19xxx/CVE-2019-19923.json +++ b/2019/19xxx/CVE-2019-19923.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35", "url": "https://github.com/sqlite/sqlite/commit/396afe6f6aa90a31303c183e11b2b2d4b7956b35" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" } ] } diff --git a/2019/19xxx/CVE-2019-19924.json b/2019/19xxx/CVE-2019-19924.json index f92e7d2305f..09c36cf0265 100644 --- a/2019/19xxx/CVE-2019-19924.json +++ b/2019/19xxx/CVE-2019-19924.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3", "url": "https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" } ] } diff --git a/2019/19xxx/CVE-2019-19925.json b/2019/19xxx/CVE-2019-19925.json index 801a15d7dc5..01520c80474 100644 --- a/2019/19xxx/CVE-2019-19925.json +++ b/2019/19xxx/CVE-2019-19925.json @@ -56,6 +56,11 @@ "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618", "url": "https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" } ] } diff --git a/2019/19xxx/CVE-2019-19926.json b/2019/19xxx/CVE-2019-19926.json index e13ab9300fa..84f60255c57 100644 --- a/2019/19xxx/CVE-2019-19926.json +++ b/2019/19xxx/CVE-2019-19926.json @@ -56,6 +56,11 @@ "url": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089", "refsource": "MISC", "name": "https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0003/" } ] } diff --git a/2019/19xxx/CVE-2019-19947.json b/2019/19xxx/CVE-2019-19947.json index 0114fb7935d..ffcaaf51d77 100644 --- a/2019/19xxx/CVE-2019-19947.json +++ b/2019/19xxx/CVE-2019-19947.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191224 CVE-2019-19947: Linux kernel can: kvaser_usb: kvaser_usb_leaf: some info-leaks vulnerabilities", "url": "http://www.openwall.com/lists/oss-security/2019/12/24/1" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19950.json b/2019/19xxx/CVE-2019-19950.json index c94d6ec5dca..ca6d688e24e 100644 --- a/2019/19xxx/CVE-2019-19950.json +++ b/2019/19xxx/CVE-2019-19950.json @@ -61,6 +61,11 @@ "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4", "refsource": "MISC", "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0055", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html" } ] } diff --git a/2019/19xxx/CVE-2019-19951.json b/2019/19xxx/CVE-2019-19951.json index cea299b4b63..17f790d679c 100644 --- a/2019/19xxx/CVE-2019-19951.json +++ b/2019/19xxx/CVE-2019-19951.json @@ -61,6 +61,11 @@ "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d", "refsource": "MISC", "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0055", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html" } ] } diff --git a/2019/19xxx/CVE-2019-19953.json b/2019/19xxx/CVE-2019-19953.json index 8956aa05be7..2f269b7d62f 100644 --- a/2019/19xxx/CVE-2019-19953.json +++ b/2019/19xxx/CVE-2019-19953.json @@ -61,6 +61,11 @@ "url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf", "refsource": "MISC", "name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0055", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00026.html" } ] } diff --git a/2019/19xxx/CVE-2019-19956.json b/2019/19xxx/CVE-2019-19956.json index fb30cb3abed..f633b7904b3 100644 --- a/2019/19xxx/CVE-2019-19956.json +++ b/2019/19xxx/CVE-2019-19956.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191228 [SECURITY] [DLA 2048-1] libxml2 security update", "url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200114-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200114-0002/" } ] } diff --git a/2019/19xxx/CVE-2019-19965.json b/2019/19xxx/CVE-2019-19965.json index 089c9fcd22b..63402dc786f 100644 --- a/2019/19xxx/CVE-2019-19965.json +++ b/2019/19xxx/CVE-2019-19965.json @@ -56,6 +56,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f70267f379b5e5e11bdc5d72a56bf17e5feed01f" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/19xxx/CVE-2019-19966.json b/2019/19xxx/CVE-2019-19966.json index 561ada597e3..050a18239f5 100644 --- a/2019/19xxx/CVE-2019-19966.json +++ b/2019/19xxx/CVE-2019-19966.json @@ -61,6 +61,11 @@ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dea37a97265588da604c6ba80160a287b72c7bfd", "refsource": "MISC", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dea37a97265588da604c6ba80160a287b72c7bfd" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] } diff --git a/2019/1xxx/CVE-2019-1020.json b/2019/1xxx/CVE-2019-1020.json index 15bd1260df5..ac92440c8be 100644 --- a/2019/1xxx/CVE-2019-1020.json +++ b/2019/1xxx/CVE-2019-1020.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1020", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1020", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1042.json b/2019/1xxx/CVE-2019-1042.json index 5a9ed8f12dc..342b939bd08 100644 --- a/2019/1xxx/CVE-2019-1042.json +++ b/2019/1xxx/CVE-2019-1042.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1042", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1042", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1058.json b/2019/1xxx/CVE-2019-1058.json index d2441e9850c..8da07ff211f 100644 --- a/2019/1xxx/CVE-2019-1058.json +++ b/2019/1xxx/CVE-2019-1058.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1058", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1058", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1061.json b/2019/1xxx/CVE-2019-1061.json index f1f81356f23..4f76f6c663d 100644 --- a/2019/1xxx/CVE-2019-1061.json +++ b/2019/1xxx/CVE-2019-1061.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1061", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1061", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1066.json b/2019/1xxx/CVE-2019-1066.json index 86a79717d34..bb03652aee6 100644 --- a/2019/1xxx/CVE-2019-1066.json +++ b/2019/1xxx/CVE-2019-1066.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1066", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1066", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1114.json b/2019/1xxx/CVE-2019-1114.json index 1b0a3989ad9..6b2b898968e 100644 --- a/2019/1xxx/CVE-2019-1114.json +++ b/2019/1xxx/CVE-2019-1114.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1114", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1114", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1115.json b/2019/1xxx/CVE-2019-1115.json index d9205ec0a09..63fb53bbb5a 100644 --- a/2019/1xxx/CVE-2019-1115.json +++ b/2019/1xxx/CVE-2019-1115.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1115", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1115", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1135.json b/2019/1xxx/CVE-2019-1135.json index f98ba370751..8c8cba476f3 100644 --- a/2019/1xxx/CVE-2019-1135.json +++ b/2019/1xxx/CVE-2019-1135.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1135", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1135", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1160.json b/2019/1xxx/CVE-2019-1160.json index 3a796a6ab14..269240c006e 100644 --- a/2019/1xxx/CVE-2019-1160.json +++ b/2019/1xxx/CVE-2019-1160.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1160", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1160", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1165.json b/2019/1xxx/CVE-2019-1165.json index 4298e28790c..b92effdbce8 100644 --- a/2019/1xxx/CVE-2019-1165.json +++ b/2019/1xxx/CVE-2019-1165.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1165", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1165", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1189.json b/2019/1xxx/CVE-2019-1189.json index fca23a09011..9eec7da4bf6 100644 --- a/2019/1xxx/CVE-2019-1189.json +++ b/2019/1xxx/CVE-2019-1189.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1189", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1189", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1191.json b/2019/1xxx/CVE-2019-1191.json index def0cd9f7d7..5c73b112585 100644 --- a/2019/1xxx/CVE-2019-1191.json +++ b/2019/1xxx/CVE-2019-1191.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1191", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1191", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1207.json b/2019/1xxx/CVE-2019-1207.json index fe63a4eadcd..cfea80f4946 100644 --- a/2019/1xxx/CVE-2019-1207.json +++ b/2019/1xxx/CVE-2019-1207.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1207", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1207", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1210.json b/2019/1xxx/CVE-2019-1210.json index 44bd8465e5a..730a2194e79 100644 --- a/2019/1xxx/CVE-2019-1210.json +++ b/2019/1xxx/CVE-2019-1210.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1210", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1210", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1275.json b/2019/1xxx/CVE-2019-1275.json index bb7261614a0..f8507b1bba8 100644 --- a/2019/1xxx/CVE-2019-1275.json +++ b/2019/1xxx/CVE-2019-1275.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1275", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1275", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1276.json b/2019/1xxx/CVE-2019-1276.json index 8c36f539337..d918c5075c4 100644 --- a/2019/1xxx/CVE-2019-1276.json +++ b/2019/1xxx/CVE-2019-1276.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1276", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1276", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1279.json b/2019/1xxx/CVE-2019-1279.json index 3efd1f172f5..e89ea71373b 100644 --- a/2019/1xxx/CVE-2019-1279.json +++ b/2019/1xxx/CVE-2019-1279.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1279", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1279", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1281.json b/2019/1xxx/CVE-2019-1281.json index 96072025905..eba27117da5 100644 --- a/2019/1xxx/CVE-2019-1281.json +++ b/2019/1xxx/CVE-2019-1281.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1281", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1281", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1288.json b/2019/1xxx/CVE-2019-1288.json index b272499c7ee..62aa5014f1d 100644 --- a/2019/1xxx/CVE-2019-1288.json +++ b/2019/1xxx/CVE-2019-1288.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1288", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1288", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1304.json b/2019/1xxx/CVE-2019-1304.json index 4104b2d4492..d16da0bdfa3 100644 --- a/2019/1xxx/CVE-2019-1304.json +++ b/2019/1xxx/CVE-2019-1304.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1304", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1304", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1312.json b/2019/1xxx/CVE-2019-1312.json index b98a799e1b8..bddf0790435 100644 --- a/2019/1xxx/CVE-2019-1312.json +++ b/2019/1xxx/CVE-2019-1312.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1312", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1312", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1332.json b/2019/1xxx/CVE-2019-1332.json index fd9ad707025..484a1101d83 100644 --- a/2019/1xxx/CVE-2019-1332.json +++ b/2019/1xxx/CVE-2019-1332.json @@ -76,6 +76,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332" + }, + { + "refsource": "MISC", + "name": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services", + "url": "https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services" } ] } diff --git a/2019/1xxx/CVE-2019-1348.json b/2019/1xxx/CVE-2019-1348.json index 0a46bfb4c07..d1bd561dfe2 100644 --- a/2019/1xxx/CVE-2019-1348.json +++ b/2019/1xxx/CVE-2019-1348.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1348", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1348", + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft Corporation", + "product": { + "product_data": [ + { + "product_name": "Git", + "version": { + "version_data": [ + { + "version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", + "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary paths." } ] } diff --git a/2019/1xxx/CVE-2019-1349.json b/2019/1xxx/CVE-2019-1349.json index 20fa586d935..4086a46b2aa 100644 --- a/2019/1xxx/CVE-2019-1349.json +++ b/2019/1xxx/CVE-2019-1349.json @@ -1,17 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1349", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1349", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1350, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1349" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1350.json b/2019/1xxx/CVE-2019-1350.json index c4cf44bf670..5d92c015646 100644 --- a/2019/1xxx/CVE-2019-1350.json +++ b/2019/1xxx/CVE-2019-1350.json @@ -1,17 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1350", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1350", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1352, CVE-2019-1354, CVE-2019-1387." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1350" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1351.json b/2019/1xxx/CVE-2019-1351.json index 504f5f0b50d..cb71e096a7d 100644 --- a/2019/1xxx/CVE-2019-1351.json +++ b/2019/1xxx/CVE-2019-1351.json @@ -1,17 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1351", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A tampering vulnerability exists when Git for Visual Studio improperly handles virtual drive paths, aka 'Git for Visual Studio Tampering Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Tampering" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1351" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1352.json b/2019/1xxx/CVE-2019-1352.json index 75cf95174f7..f40e41528c3 100644 --- a/2019/1xxx/CVE-2019-1352.json +++ b/2019/1xxx/CVE-2019-1352.json @@ -1,17 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1352", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1354, CVE-2019-1387." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1352" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1353.json b/2019/1xxx/CVE-2019-1353.json index b6ff951cef2..ef500271907 100644 --- a/2019/1xxx/CVE-2019-1353.json +++ b/2019/1xxx/CVE-2019-1353.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1353", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1353", + "ASSIGNER": "secure@microsoft.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Microsoft Corporation", + "product": { + "product_data": [ + { + "product_name": "Git", + "version": { + "version_data": [ + { + "version_value": "Before 2.24.1, 2.23.1, 2.22.2, 2.21.1, 2.20.2, 2.19.3, 2.18.2, 2.17.3, 2.16.6, 2.15.4, 2.14.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u", + "url": "https://lore.kernel.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/T/#u" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as \"WSL\") while accessing a working directory on a regular Windows drive, none of the NTFS protections were active." } ] } diff --git a/2019/1xxx/CVE-2019-1354.json b/2019/1xxx/CVE-2019-1354.json index b3436d40db0..b424ac2e1e0 100644 --- a/2019/1xxx/CVE-2019-1354.json +++ b/2019/1xxx/CVE-2019-1354.json @@ -1,17 +1,96 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1354", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2017", + "version": { + "version_data": [ + { + "version_value": "15.0" + } + ] + } + }, + { + "product_name": "Microsoft Visual Studio 2019", + "version": { + "version_data": [ + { + "version_value": "16.0" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] } diff --git a/2019/1xxx/CVE-2019-1355.json b/2019/1xxx/CVE-2019-1355.json index 7bcd0d4a79e..71cdd8f2b65 100644 --- a/2019/1xxx/CVE-2019-1355.json +++ b/2019/1xxx/CVE-2019-1355.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1355", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1355", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1360.json b/2019/1xxx/CVE-2019-1360.json index f6abc198941..c2aa48c1cff 100644 --- a/2019/1xxx/CVE-2019-1360.json +++ b/2019/1xxx/CVE-2019-1360.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1360", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1360", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1377.json b/2019/1xxx/CVE-2019-1377.json index 030b22e028e..ff0866ddb68 100644 --- a/2019/1xxx/CVE-2019-1377.json +++ b/2019/1xxx/CVE-2019-1377.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1377", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1377", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1386.json b/2019/1xxx/CVE-2019-1386.json index 9f497bcadcc..e4837164dd5 100644 --- a/2019/1xxx/CVE-2019-1386.json +++ b/2019/1xxx/CVE-2019-1386.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1386", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1386", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1387.json b/2019/1xxx/CVE-2019-1387.json index 8651d2f1f76..a9cde854855 100644 --- a/2019/1xxx/CVE-2019-1387.json +++ b/2019/1xxx/CVE-2019-1387.json @@ -93,6 +93,21 @@ "refsource": "FEDORA", "name": "FEDORA-2019-1cec196e20", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N6UGTEOXWIYSM5KDZL74QD2GK6YQNQCP/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0124", + "url": "https://access.redhat.com/errata/RHSA-2020:0124" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200123 [SECURITY] [DLA 2059-1] git security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00019.html" + }, + { + "refsource": "MISC", + "name": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/", + "url": "https://public-inbox.org/git/xmqqr21cqcn9.fsf@gitster-ct.c.googlers.com/" } ] }, diff --git a/2019/1xxx/CVE-2019-1401.json b/2019/1xxx/CVE-2019-1401.json index 7b81866b1ac..f2afea3bc78 100644 --- a/2019/1xxx/CVE-2019-1401.json +++ b/2019/1xxx/CVE-2019-1401.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1401", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1401", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1403.json b/2019/1xxx/CVE-2019-1403.json index e932b012202..4f17abc30b2 100644 --- a/2019/1xxx/CVE-2019-1403.json +++ b/2019/1xxx/CVE-2019-1403.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1403", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1403", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1404.json b/2019/1xxx/CVE-2019-1404.json index cc5b708ef04..5e19dfff8ed 100644 --- a/2019/1xxx/CVE-2019-1404.json +++ b/2019/1xxx/CVE-2019-1404.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1404", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1404", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1410.json b/2019/1xxx/CVE-2019-1410.json index 654b4dc609b..02c406da3f6 100644 --- a/2019/1xxx/CVE-2019-1410.json +++ b/2019/1xxx/CVE-2019-1410.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1410", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1410", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1414.json b/2019/1xxx/CVE-2019-1414.json index f248f44aed6..e8c8cf62bd4 100644 --- a/2019/1xxx/CVE-2019-1414.json +++ b/2019/1xxx/CVE-2019-1414.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1414", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Visual Studio Code", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An elevation of privilege vulnerability exists in Visual Studio Code when it exposes a debug listener to users of a local computer, aka 'Visual Studio Code Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1414", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1414" } ] } diff --git a/2019/1xxx/CVE-2019-1421.json b/2019/1xxx/CVE-2019-1421.json index 43cbe7f5b89..3391b0a00d4 100644 --- a/2019/1xxx/CVE-2019-1421.json +++ b/2019/1xxx/CVE-2019-1421.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1421", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1421", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1431.json b/2019/1xxx/CVE-2019-1431.json index 0cbd75d8783..ecef738f532 100644 --- a/2019/1xxx/CVE-2019-1431.json +++ b/2019/1xxx/CVE-2019-1431.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1431", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1431", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1444.json b/2019/1xxx/CVE-2019-1444.json index ecdd7f1dd93..4747d61d4a9 100644 --- a/2019/1xxx/CVE-2019-1444.json +++ b/2019/1xxx/CVE-2019-1444.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1444", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1444", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1450.json b/2019/1xxx/CVE-2019-1450.json index 695a3b32068..ee6319082e8 100644 --- a/2019/1xxx/CVE-2019-1450.json +++ b/2019/1xxx/CVE-2019-1450.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1450", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1450", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1451.json b/2019/1xxx/CVE-2019-1451.json index c935774f7a9..0a2b646005f 100644 --- a/2019/1xxx/CVE-2019-1451.json +++ b/2019/1xxx/CVE-2019-1451.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1451", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1451", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1452.json b/2019/1xxx/CVE-2019-1452.json index e82744a34c0..c7e8879828d 100644 --- a/2019/1xxx/CVE-2019-1452.json +++ b/2019/1xxx/CVE-2019-1452.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1452", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1452", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1454.json b/2019/1xxx/CVE-2019-1454.json index 913bdf0ea36..19eac8e5498 100644 --- a/2019/1xxx/CVE-2019-1454.json +++ b/2019/1xxx/CVE-2019-1454.json @@ -1,17 +1,216 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1454", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1703 for 32-bit Systems" + }, + { + "version_value": "10 Version 1703 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1454", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1454" } ] } diff --git a/2019/1xxx/CVE-2019-1455.json b/2019/1xxx/CVE-2019-1455.json index 71c0de51150..40486b80df5 100644 --- a/2019/1xxx/CVE-2019-1455.json +++ b/2019/1xxx/CVE-2019-1455.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1455", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1455", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1459.json b/2019/1xxx/CVE-2019-1459.json index bef303c2572..c42c4d047e9 100644 --- a/2019/1xxx/CVE-2019-1459.json +++ b/2019/1xxx/CVE-2019-1459.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1459", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1459", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1460.json b/2019/1xxx/CVE-2019-1460.json index e1f21a1c91f..14315459a96 100644 --- a/2019/1xxx/CVE-2019-1460.json +++ b/2019/1xxx/CVE-2019-1460.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1460", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2019-1460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Outlook for Android", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages, aka 'Outlook for Android Spoofing Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1460" } ] } diff --git a/2019/1xxx/CVE-2019-1473.json b/2019/1xxx/CVE-2019-1473.json index 6e7ba137f6c..f802e59ded4 100644 --- a/2019/1xxx/CVE-2019-1473.json +++ b/2019/1xxx/CVE-2019-1473.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1473", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1473", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1475.json b/2019/1xxx/CVE-2019-1475.json index 5e38da8a344..bb753e42a31 100644 --- a/2019/1xxx/CVE-2019-1475.json +++ b/2019/1xxx/CVE-2019-1475.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1475", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1475", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1479.json b/2019/1xxx/CVE-2019-1479.json index 8c83e2ada1f..1510bad35df 100644 --- a/2019/1xxx/CVE-2019-1479.json +++ b/2019/1xxx/CVE-2019-1479.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1479", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1479", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1482.json b/2019/1xxx/CVE-2019-1482.json index a0490eacdf2..32d55dee562 100644 --- a/2019/1xxx/CVE-2019-1482.json +++ b/2019/1xxx/CVE-2019-1482.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1482", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1492.json b/2019/1xxx/CVE-2019-1492.json index d52c710092e..8556e535965 100644 --- a/2019/1xxx/CVE-2019-1492.json +++ b/2019/1xxx/CVE-2019-1492.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1492", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1492", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1493.json b/2019/1xxx/CVE-2019-1493.json index f5b9595a822..73c8a44f0da 100644 --- a/2019/1xxx/CVE-2019-1493.json +++ b/2019/1xxx/CVE-2019-1493.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1493", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1493", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1494.json b/2019/1xxx/CVE-2019-1494.json index 0a3de8a508d..790f952e3c0 100644 --- a/2019/1xxx/CVE-2019-1494.json +++ b/2019/1xxx/CVE-2019-1494.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1494", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1494", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1495.json b/2019/1xxx/CVE-2019-1495.json index 995b37924b0..a96d70d5c68 100644 --- a/2019/1xxx/CVE-2019-1495.json +++ b/2019/1xxx/CVE-2019-1495.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1495", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1495", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1496.json b/2019/1xxx/CVE-2019-1496.json index 04b6e858864..c724bc7a5d3 100644 --- a/2019/1xxx/CVE-2019-1496.json +++ b/2019/1xxx/CVE-2019-1496.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1496", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1496", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1497.json b/2019/1xxx/CVE-2019-1497.json index d7985fa9cf3..de4d7268094 100644 --- a/2019/1xxx/CVE-2019-1497.json +++ b/2019/1xxx/CVE-2019-1497.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1497", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1497", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1498.json b/2019/1xxx/CVE-2019-1498.json index cfef3efcc5d..c7d0ebef75c 100644 --- a/2019/1xxx/CVE-2019-1498.json +++ b/2019/1xxx/CVE-2019-1498.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1498", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1498", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1499.json b/2019/1xxx/CVE-2019-1499.json index 3d06c9fe50c..5465d07b0df 100644 --- a/2019/1xxx/CVE-2019-1499.json +++ b/2019/1xxx/CVE-2019-1499.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1499", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1499", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1500.json b/2019/1xxx/CVE-2019-1500.json index 847fe3ba551..35b344a5ce2 100644 --- a/2019/1xxx/CVE-2019-1500.json +++ b/2019/1xxx/CVE-2019-1500.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1500", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1500", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1501.json b/2019/1xxx/CVE-2019-1501.json index c3f43fce16f..b28e23bc3bb 100644 --- a/2019/1xxx/CVE-2019-1501.json +++ b/2019/1xxx/CVE-2019-1501.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1501", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1501", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1502.json b/2019/1xxx/CVE-2019-1502.json index d9ae95254b8..ecb4bd59b08 100644 --- a/2019/1xxx/CVE-2019-1502.json +++ b/2019/1xxx/CVE-2019-1502.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1502", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1502", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1503.json b/2019/1xxx/CVE-2019-1503.json index bd0e78ac5e6..a60676a06db 100644 --- a/2019/1xxx/CVE-2019-1503.json +++ b/2019/1xxx/CVE-2019-1503.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1503", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1503", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1504.json b/2019/1xxx/CVE-2019-1504.json index efd5d27e3da..3e4fbd168c9 100644 --- a/2019/1xxx/CVE-2019-1504.json +++ b/2019/1xxx/CVE-2019-1504.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1504", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1504", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1505.json b/2019/1xxx/CVE-2019-1505.json index 4e0c79490d8..b68d47ef200 100644 --- a/2019/1xxx/CVE-2019-1505.json +++ b/2019/1xxx/CVE-2019-1505.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1505", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1505", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1506.json b/2019/1xxx/CVE-2019-1506.json index 8b33043280a..433de8bf434 100644 --- a/2019/1xxx/CVE-2019-1506.json +++ b/2019/1xxx/CVE-2019-1506.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1506", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1506", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1507.json b/2019/1xxx/CVE-2019-1507.json index 48f5422df0a..d33887d80c2 100644 --- a/2019/1xxx/CVE-2019-1507.json +++ b/2019/1xxx/CVE-2019-1507.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1507", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1507", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1508.json b/2019/1xxx/CVE-2019-1508.json index 682685953dd..d3a8de8b1a2 100644 --- a/2019/1xxx/CVE-2019-1508.json +++ b/2019/1xxx/CVE-2019-1508.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1508", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1508", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1509.json b/2019/1xxx/CVE-2019-1509.json index 6de59acdce9..f4ac22e8f71 100644 --- a/2019/1xxx/CVE-2019-1509.json +++ b/2019/1xxx/CVE-2019-1509.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1509", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1509", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1510.json b/2019/1xxx/CVE-2019-1510.json index 83f10f719ff..17fe8f205a6 100644 --- a/2019/1xxx/CVE-2019-1510.json +++ b/2019/1xxx/CVE-2019-1510.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1510", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1510", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1511.json b/2019/1xxx/CVE-2019-1511.json index abc715b5e05..e31881e0ab5 100644 --- a/2019/1xxx/CVE-2019-1511.json +++ b/2019/1xxx/CVE-2019-1511.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1511", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1511", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1512.json b/2019/1xxx/CVE-2019-1512.json index afb13d134f9..b828c5f092c 100644 --- a/2019/1xxx/CVE-2019-1512.json +++ b/2019/1xxx/CVE-2019-1512.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1512", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1512", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1513.json b/2019/1xxx/CVE-2019-1513.json index bf537cc4753..e36d80088e6 100644 --- a/2019/1xxx/CVE-2019-1513.json +++ b/2019/1xxx/CVE-2019-1513.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1513", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1513", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1514.json b/2019/1xxx/CVE-2019-1514.json index 8b20f8046f6..e6f7945dd10 100644 --- a/2019/1xxx/CVE-2019-1514.json +++ b/2019/1xxx/CVE-2019-1514.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1514", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1514", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1515.json b/2019/1xxx/CVE-2019-1515.json index ded1dcd882b..8d5b4c3fe09 100644 --- a/2019/1xxx/CVE-2019-1515.json +++ b/2019/1xxx/CVE-2019-1515.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1515", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1515", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1516.json b/2019/1xxx/CVE-2019-1516.json index 669ebfe8b88..fcea0018f6c 100644 --- a/2019/1xxx/CVE-2019-1516.json +++ b/2019/1xxx/CVE-2019-1516.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1516", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1516", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1517.json b/2019/1xxx/CVE-2019-1517.json index ebda8489ed0..73f58da4437 100644 --- a/2019/1xxx/CVE-2019-1517.json +++ b/2019/1xxx/CVE-2019-1517.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1517", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1517", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1518.json b/2019/1xxx/CVE-2019-1518.json index 2b336aa56f9..0d7d57888f8 100644 --- a/2019/1xxx/CVE-2019-1518.json +++ b/2019/1xxx/CVE-2019-1518.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1518", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1518", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1519.json b/2019/1xxx/CVE-2019-1519.json index dc2c2a0bc22..abf2630c356 100644 --- a/2019/1xxx/CVE-2019-1519.json +++ b/2019/1xxx/CVE-2019-1519.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1519", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1519", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1520.json b/2019/1xxx/CVE-2019-1520.json index 7766274f9bc..cd5b0b0a285 100644 --- a/2019/1xxx/CVE-2019-1520.json +++ b/2019/1xxx/CVE-2019-1520.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1520", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1520", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1521.json b/2019/1xxx/CVE-2019-1521.json index 762b9e44e3a..6a88afa4093 100644 --- a/2019/1xxx/CVE-2019-1521.json +++ b/2019/1xxx/CVE-2019-1521.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1521", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1521", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1522.json b/2019/1xxx/CVE-2019-1522.json index 6e3d1370806..1990c10ae9b 100644 --- a/2019/1xxx/CVE-2019-1522.json +++ b/2019/1xxx/CVE-2019-1522.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1522", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1522", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1523.json b/2019/1xxx/CVE-2019-1523.json index adf3cfc9362..28be19f9e21 100644 --- a/2019/1xxx/CVE-2019-1523.json +++ b/2019/1xxx/CVE-2019-1523.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1523", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1523", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1524.json b/2019/1xxx/CVE-2019-1524.json index 6a15546b2ec..3697103b1bc 100644 --- a/2019/1xxx/CVE-2019-1524.json +++ b/2019/1xxx/CVE-2019-1524.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1524", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1524", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1525.json b/2019/1xxx/CVE-2019-1525.json index 7220548c200..fc1a47627ff 100644 --- a/2019/1xxx/CVE-2019-1525.json +++ b/2019/1xxx/CVE-2019-1525.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1525", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1525", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1526.json b/2019/1xxx/CVE-2019-1526.json index eaa69b7c0f2..4acfbf4a890 100644 --- a/2019/1xxx/CVE-2019-1526.json +++ b/2019/1xxx/CVE-2019-1526.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1526", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1526", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1527.json b/2019/1xxx/CVE-2019-1527.json index 119888b8cf7..53beb6279aa 100644 --- a/2019/1xxx/CVE-2019-1527.json +++ b/2019/1xxx/CVE-2019-1527.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1527", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1527", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1528.json b/2019/1xxx/CVE-2019-1528.json index 15fbdea5af8..8b2ef56fc83 100644 --- a/2019/1xxx/CVE-2019-1528.json +++ b/2019/1xxx/CVE-2019-1528.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1528", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1528", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1529.json b/2019/1xxx/CVE-2019-1529.json index c56e82203dc..111532a745a 100644 --- a/2019/1xxx/CVE-2019-1529.json +++ b/2019/1xxx/CVE-2019-1529.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1529", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1529", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1530.json b/2019/1xxx/CVE-2019-1530.json index 165293d2049..211e762c99a 100644 --- a/2019/1xxx/CVE-2019-1530.json +++ b/2019/1xxx/CVE-2019-1530.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1530", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1530", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1531.json b/2019/1xxx/CVE-2019-1531.json index 508f2d0de90..ae5c376e64b 100644 --- a/2019/1xxx/CVE-2019-1531.json +++ b/2019/1xxx/CVE-2019-1531.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1531", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1531", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1532.json b/2019/1xxx/CVE-2019-1532.json index 6a21112c8b1..69abd3e2ab3 100644 --- a/2019/1xxx/CVE-2019-1532.json +++ b/2019/1xxx/CVE-2019-1532.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1532", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1532", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1533.json b/2019/1xxx/CVE-2019-1533.json index d013a451455..91830f678ba 100644 --- a/2019/1xxx/CVE-2019-1533.json +++ b/2019/1xxx/CVE-2019-1533.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1533", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1533", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1534.json b/2019/1xxx/CVE-2019-1534.json index 336b75091dc..925a77532e8 100644 --- a/2019/1xxx/CVE-2019-1534.json +++ b/2019/1xxx/CVE-2019-1534.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-1534", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-1534", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none." } ] } diff --git a/2019/1xxx/CVE-2019-1547.json b/2019/1xxx/CVE-2019-1547.json index fe2e4a136e3..2ee34f8e513 100644 --- a/2019/1xxx/CVE-2019-1547.json +++ b/2019/1xxx/CVE-2019-1547.json @@ -192,6 +192,16 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2019/1xxx/CVE-2019-1549.json b/2019/1xxx/CVE-2019-1549.json index fb959235816..ed34f3e5bc3 100644 --- a/2019/1xxx/CVE-2019-1549.json +++ b/2019/1xxx/CVE-2019-1549.json @@ -116,6 +116,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1551.json b/2019/1xxx/CVE-2019-1551.json index 80808a229bc..acb87074fcd 100644 --- a/2019/1xxx/CVE-2019-1551.json +++ b/2019/1xxx/CVE-2019-1551.json @@ -114,6 +114,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0062", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00030.html" } ] } diff --git a/2019/1xxx/CVE-2019-1552.json b/2019/1xxx/CVE-2019-1552.json index 94fdb4edf41..991f4cc29c5 100644 --- a/2019/1xxx/CVE-2019-1552.json +++ b/2019/1xxx/CVE-2019-1552.json @@ -142,6 +142,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1559.json b/2019/1xxx/CVE-2019-1559.json index de9e558738b..b2fe63e889c 100644 --- a/2019/1xxx/CVE-2019-1559.json +++ b/2019/1xxx/CVE-2019-1559.json @@ -231,6 +231,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3931", "url": "https://access.redhat.com/errata/RHSA-2019:3931" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/1xxx/CVE-2019-1563.json b/2019/1xxx/CVE-2019-1563.json index 44456564cf5..1ffaa475d9a 100644 --- a/2019/1xxx/CVE-2019-1563.json +++ b/2019/1xxx/CVE-2019-1563.json @@ -182,6 +182,11 @@ "refsource": "CONFIRM", "name": "https://www.tenable.com/security/tns-2019-09", "url": "https://www.tenable.com/security/tns-2019-09" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/20xxx/CVE-2019-20003.json b/2019/20xxx/CVE-2019-20003.json index ef7435b7f3f..7506ca29b02 100644 --- a/2019/20xxx/CVE-2019-20003.json +++ b/2019/20xxx/CVE-2019-20003.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20003", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20003", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Feldtech easescreen Crystal 9.0 Web-Services 9.0.1.16265 allows Stored XSS via the Debug-Log and Display-Log components. This could be exploited when an attacker sends an crafted string for FTP authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://easescreen.com/en/", + "refsource": "MISC", + "name": "https://easescreen.com/en/" + }, + { + "refsource": "MISC", + "name": "https://github.com/0xedh/someshit/blob/master/CVE-2019-20003.md", + "url": "https://github.com/0xedh/someshit/blob/master/CVE-2019-20003.md" } ] } diff --git a/2019/20xxx/CVE-2019-20009.json b/2019/20xxx/CVE-2019-20009.json index ab71b458d1a..57c2a3c9186 100644 --- a/2019/20xxx/CVE-2019-20009.json +++ b/2019/20xxx/CVE-2019-20009.json @@ -66,6 +66,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issue-541977765" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20010.json b/2019/20xxx/CVE-2019-20010.json index 78d31cb3efc..4f601a1fc2e 100644 --- a/2019/20xxx/CVE-2019-20010.json +++ b/2019/20xxx/CVE-2019-20010.json @@ -61,6 +61,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643383" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20011.json b/2019/20xxx/CVE-2019-20011.json index a7317d04b02..e9b07669e56 100644 --- a/2019/20xxx/CVE-2019-20011.json +++ b/2019/20xxx/CVE-2019-20011.json @@ -61,6 +61,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643439" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20012.json b/2019/20xxx/CVE-2019-20012.json index ebdbc17f463..c3cf51b8545 100644 --- a/2019/20xxx/CVE-2019-20012.json +++ b/2019/20xxx/CVE-2019-20012.json @@ -61,6 +61,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643088" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20013.json b/2019/20xxx/CVE-2019-20013.json index cbde2703701..e0d7dcf4177 100644 --- a/2019/20xxx/CVE-2019-20013.json +++ b/2019/20xxx/CVE-2019-20013.json @@ -66,6 +66,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643060" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20014.json b/2019/20xxx/CVE-2019-20014.json index 8aab4daddb7..65688d788b9 100644 --- a/2019/20xxx/CVE-2019-20014.json +++ b/2019/20xxx/CVE-2019-20014.json @@ -66,6 +66,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643172" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20015.json b/2019/20xxx/CVE-2019-20015.json index 71c967cef96..d46d9e9b174 100644 --- a/2019/20xxx/CVE-2019-20015.json +++ b/2019/20xxx/CVE-2019-20015.json @@ -61,6 +61,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/176#issuecomment-568643028" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/20xxx/CVE-2019-20041.json b/2019/20xxx/CVE-2019-20041.json index fce7f796eb1..58577af2991 100644 --- a/2019/20xxx/CVE-2019-20041.json +++ b/2019/20xxx/CVE-2019-20041.json @@ -71,6 +71,11 @@ "refsource": "DEBIAN", "name": "DSA-4599", "url": "https://www.debian.org/security/2020/dsa-4599" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200114 [SECURITY] [DLA 2067-1] wordpress security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00010.html" } ] } diff --git a/2019/20xxx/CVE-2019-20042.json b/2019/20xxx/CVE-2019-20042.json index e4fb0df9da8..ab6299e1ed9 100644 --- a/2019/20xxx/CVE-2019-20042.json +++ b/2019/20xxx/CVE-2019-20042.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "WordPress before 5.3.1 allowed an attacker to create a cross-site scripting attack (XSS) in well crafted links, because of an insufficient protection mechanism in wp_targeted_link_rel in wp-includes/formatting.php." + "value": "In wp-includes/formatting.php in WordPress 3.7 to 5.3.0, the function wp_targeted_link_rel() can be used in a particular way to result in a stored cross-site scripting (XSS) vulnerability. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release." } ] }, @@ -86,6 +86,16 @@ "refsource": "DEBIAN", "name": "DSA-4599", "url": "https://www.debian.org/security/2020/dsa-4599" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7", + "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/509930", + "url": "https://hackerone.com/reports/509930" } ] } diff --git a/2019/20xxx/CVE-2019-20043.json b/2019/20xxx/CVE-2019-20043.json index fef5b6f8b92..3a80f262f25 100644 --- a/2019/20xxx/CVE-2019-20043.json +++ b/2019/20xxx/CVE-2019-20043.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "WordPress before 5.3.1 allowed an unauthenticated user to make a post sticky through the REST API because of missing access control in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php." + "value": "In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php in WordPress 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that. This has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release." } ] }, @@ -81,6 +81,11 @@ "refsource": "DEBIAN", "name": "DSA-4599", "url": "https://www.debian.org/security/2020/dsa-4599" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw", + "url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw" } ] } diff --git a/2019/20xxx/CVE-2019-20093.json b/2019/20xxx/CVE-2019-20093.json index 74d53a287e8..ee083924506 100644 --- a/2019/20xxx/CVE-2019-20093.json +++ b/2019/20xxx/CVE-2019-20093.json @@ -56,6 +56,16 @@ "url": "https://sourceforge.net/p/podofo/tickets/75/", "refsource": "MISC", "name": "https://sourceforge.net/p/podofo/tickets/75/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-968a89619e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHFOCBZCF3GX7A6FWE3JM7P37TQWGINJ/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-dd79b615cd", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTB2J5XWOEGAJYR2N66GAECUIKDG6O2S/" } ] } diff --git a/2019/20xxx/CVE-2019-20097.json b/2019/20xxx/CVE-2019-20097.json index 27b2502d21c..63ac9037ccc 100644 --- a/2019/20xxx/CVE-2019-20097.json +++ b/2019/20xxx/CVE-2019-20097.json @@ -1,17 +1,242 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2020-01-15T10:00:00", "ID": "CVE-2019-20097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bitbucket Server", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + }, + { + "product_name": "Bitbucket Data Center", + "version": { + "version_data": [ + { + "version_value": "1.0", + "version_affected": ">=" + }, + { + "version_value": "5.16.11", + "version_affected": "<" + }, + { + "version_value": "6.0", + "version_affected": ">=" + }, + { + "version_value": "6.0.11", + "version_affected": "<" + }, + { + "version_value": "6.1.0", + "version_affected": ">=" + }, + { + "version_value": "6.1.9", + "version_affected": "<" + }, + { + "version_value": "6.2.0", + "version_affected": ">=" + }, + { + "version_value": "6.2.7", + "version_affected": "<" + }, + { + "version_value": "6.3.0", + "version_affected": ">=" + }, + { + "version_value": "6.3.6", + "version_affected": "<" + }, + { + "version_value": "6.4.0", + "version_affected": ">=" + }, + { + "version_value": "6.4.4", + "version_affected": "<" + }, + { + "version_value": "6.5.0", + "version_affected": ">=" + }, + { + "version_value": "6.5.3", + "version_affected": "<" + }, + { + "version_value": "6.6.0", + "version_affected": ">=" + }, + { + "version_value": "6.6.3", + "version_affected": "<" + }, + { + "version_value": "6.7.0", + "version_affected": ">=" + }, + { + "version_value": "6.7.3", + "version_affected": "<" + }, + { + "version_value": "6.8.0", + "version_affected": ">=" + }, + { + "version_value": "6.8.2", + "version_affected": "<" + }, + { + "version_value": "6.9.0", + "version_affected": ">=" + }, + { + "version_value": "6.9.1", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Bitbucket Server and Bitbucket Data Center versions starting from 1.0.0 before 5.16.11, from version 6.0.0 before 6.0.11, from version 6.1.0 before 6.1.9, from version 6.2.0 before 6.2.7, from version 6.3.0 before 6.3.6, from version 6.4.0 before 6.4.4, from version 6.5.0 before 6.5.3, from version 6.6.0 before 6.6.3, from version 6.7.0 before 6.7.3, from version 6.8.0 before 6.8.2, from version 6.9.0 before 6.9.1 had a Remote Code Execution vulnerability via the post-receive hook. A remote attacker with permission to clone and push files to a repository on the victim's Bitbucket Server or Bitbucket Data Center instance, can exploit this vulnerability to execute arbitrary commands on the Bitbucket Server or Bitbucket Data Center systems, using a file with specially crafted content." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Argument Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.atlassian.com/browse/BSERV-12099", + "refsource": "MISC", + "name": "https://jira.atlassian.com/browse/BSERV-12099" } ] } diff --git a/2019/20xxx/CVE-2019-20142.json b/2019/20xxx/CVE-2019-20142.json index f2e856a889e..bc4fc522a58 100644 --- a/2019/20xxx/CVE-2019-20142.json +++ b/2019/20xxx/CVE-2019-20142.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20142", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20142", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.3 through 12.6.1. It allows Denial of Service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20143.json b/2019/20xxx/CVE-2019-20143.json index b82081223db..77d9cb80c5b 100644 --- a/2019/20xxx/CVE-2019-20143.json +++ b/2019/20xxx/CVE-2019-20143.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20143", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20143", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 12.6. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20144.json b/2019/20xxx/CVE-2019-20144.json index 33fcc3599ba..d3633a8ee21 100644 --- a/2019/20xxx/CVE-2019-20144.json +++ b/2019/20xxx/CVE-2019-20144.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20144", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20144", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 10.8 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20145.json b/2019/20xxx/CVE-2019-20145.json index 916d9e8cafd..495363e2c41 100644 --- a/2019/20xxx/CVE-2019-20145.json +++ b/2019/20xxx/CVE-2019-20145.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20145", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20145", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.4 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20146.json b/2019/20xxx/CVE-2019-20146.json index 5950e46dd82..eb4812689d5 100644 --- a/2019/20xxx/CVE-2019-20146.json +++ b/2019/20xxx/CVE-2019-20146.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20146", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20146", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 11.0 through 12.6. It allows Uncontrolled Resource Consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20147.json b/2019/20xxx/CVE-2019-20147.json index 21c3718909d..7c52e3ac7f5 100644 --- a/2019/20xxx/CVE-2019-20147.json +++ b/2019/20xxx/CVE-2019-20147.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20147", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20147", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 9.1 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20148.json b/2019/20xxx/CVE-2019-20148.json index 7dbe60f008b..79c42165914 100644 --- a/2019/20xxx/CVE-2019-20148.json +++ b/2019/20xxx/CVE-2019-20148.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20148", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20148", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 8.13 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2019/20xxx/CVE-2019-20161.json b/2019/20xxx/CVE-2019-20161.json index 9075239bb06..7e172c23d03 100644 --- a/2019/20xxx/CVE-2019-20161.json +++ b/2019/20xxx/CVE-2019-20161.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1320", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1320" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20162.json b/2019/20xxx/CVE-2019-20162.json index 8b41273b012..57f1a8e0564 100644 --- a/2019/20xxx/CVE-2019-20162.json +++ b/2019/20xxx/CVE-2019-20162.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1327", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1327" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20163.json b/2019/20xxx/CVE-2019-20163.json index 3d09633f087..b2719819377 100644 --- a/2019/20xxx/CVE-2019-20163.json +++ b/2019/20xxx/CVE-2019-20163.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1335", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1335" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20165.json b/2019/20xxx/CVE-2019-20165.json index 1bb6b3a99cc..32cd6dfd721 100644 --- a/2019/20xxx/CVE-2019-20165.json +++ b/2019/20xxx/CVE-2019-20165.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1338", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1338" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20170.json b/2019/20xxx/CVE-2019-20170.json index 19d008702ff..eb4c1eaeb02 100644 --- a/2019/20xxx/CVE-2019-20170.json +++ b/2019/20xxx/CVE-2019-20170.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1328", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1328" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20171.json b/2019/20xxx/CVE-2019-20171.json index eee0c759512..0f93c2bb0d1 100644 --- a/2019/20xxx/CVE-2019-20171.json +++ b/2019/20xxx/CVE-2019-20171.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1337", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1337" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20204.json b/2019/20xxx/CVE-2019-20204.json index bfed6577496..4affca536ed 100644 --- a/2019/20xxx/CVE-2019-20204.json +++ b/2019/20xxx/CVE-2019-20204.json @@ -71,6 +71,11 @@ "refsource": "MISC", "name": "https://wpvulndb.com/vulnerabilities/10002", "url": "https://wpvulndb.com/vulnerabilities/10002" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155973/WordPress-Postie-1.9.40-Cross-Site-Scripting.html" } ] } diff --git a/2019/20xxx/CVE-2019-20208.json b/2019/20xxx/CVE-2019-20208.json index 631a5deed55..ae50740c2f6 100644 --- a/2019/20xxx/CVE-2019-20208.json +++ b/2019/20xxx/CVE-2019-20208.json @@ -56,6 +56,11 @@ "url": "https://github.com/gpac/gpac/issues/1348", "refsource": "MISC", "name": "https://github.com/gpac/gpac/issues/1348" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200120 [SECURITY] [DLA 2072-1] gpac security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html" } ] } diff --git a/2019/20xxx/CVE-2019-20209.json b/2019/20xxx/CVE-2019-20209.json index 8df84241948..88d29cf8f7e 100644 --- a/2019/20xxx/CVE-2019-20209.json +++ b/2019/20xxx/CVE-2019-20209.json @@ -1,17 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20209", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20209", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727", + "refsource": "MISC", + "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727" + }, + { + "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571", + "refsource": "MISC", + "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571" + }, + { + "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622", + "refsource": "MISC", + "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10013", + "url": "https://wpvulndb.com/vulnerabilities/10013" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10014", + "url": "https://wpvulndb.com/vulnerabilities/10014" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10018", + "url": "https://wpvulndb.com/vulnerabilities/10018" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120111", + "url": "https://cxsecurity.com/issue/WLB-2019120111" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120112", + "url": "https://cxsecurity.com/issue/WLB-2019120112" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120110", + "url": "https://cxsecurity.com/issue/WLB-2019120110" } ] } diff --git a/2019/20xxx/CVE-2019-20210.json b/2019/20xxx/CVE-2019-20210.json index ef56be41895..2b92391b99d 100644 --- a/2019/20xxx/CVE-2019-20210.json +++ b/2019/20xxx/CVE-2019-20210.json @@ -1,17 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20210", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20210", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727", + "refsource": "MISC", + "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727" + }, + { + "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571", + "refsource": "MISC", + "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571" + }, + { + "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622", + "refsource": "MISC", + "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10013", + "url": "https://wpvulndb.com/vulnerabilities/10013" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10014", + "url": "https://wpvulndb.com/vulnerabilities/10014" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10018", + "url": "https://wpvulndb.com/vulnerabilities/10018" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120111", + "url": "https://cxsecurity.com/issue/WLB-2019120111" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120112", + "url": "https://cxsecurity.com/issue/WLB-2019120112" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120110", + "url": "https://cxsecurity.com/issue/WLB-2019120110" } ] } diff --git a/2019/20xxx/CVE-2019-20211.json b/2019/20xxx/CVE-2019-20211.json index bc3d224ffbd..b67588cc9e5 100644 --- a/2019/20xxx/CVE-2019-20211.json +++ b/2019/20xxx/CVE-2019-20211.json @@ -1,17 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20211", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20211", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727", + "refsource": "MISC", + "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727" + }, + { + "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571", + "refsource": "MISC", + "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571" + }, + { + "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622", + "refsource": "MISC", + "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10013", + "url": "https://wpvulndb.com/vulnerabilities/10013" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10014", + "url": "https://wpvulndb.com/vulnerabilities/10014" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10018", + "url": "https://wpvulndb.com/vulnerabilities/10018" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120111", + "url": "https://cxsecurity.com/issue/WLB-2019120111" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120112", + "url": "https://cxsecurity.com/issue/WLB-2019120112" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120110", + "url": "https://cxsecurity.com/issue/WLB-2019120110" } ] } diff --git a/2019/20xxx/CVE-2019-20212.json b/2019/20xxx/CVE-2019-20212.json index 2cb83295e13..e2becbc1fef 100644 --- a/2019/20xxx/CVE-2019-20212.json +++ b/2019/20xxx/CVE-2019-20212.json @@ -1,17 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20212", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20212", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727", + "refsource": "MISC", + "name": "https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727" + }, + { + "url": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571", + "refsource": "MISC", + "name": "https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571" + }, + { + "url": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622", + "refsource": "MISC", + "name": "https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10013", + "url": "https://wpvulndb.com/vulnerabilities/10013" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10014", + "url": "https://wpvulndb.com/vulnerabilities/10014" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10018", + "url": "https://wpvulndb.com/vulnerabilities/10018" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120111", + "url": "https://cxsecurity.com/issue/WLB-2019120111" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120112", + "url": "https://cxsecurity.com/issue/WLB-2019120112" + }, + { + "refsource": "MISC", + "name": "https://cxsecurity.com/issue/WLB-2019120110", + "url": "https://cxsecurity.com/issue/WLB-2019120110" } ] } diff --git a/2019/20xxx/CVE-2019-20224.json b/2019/20xxx/CVE-2019-20224.json index 1a84c2506af..634c5555c8e 100644 --- a/2019/20xxx/CVE-2019-20224.json +++ b/2019/20xxx/CVE-2019-20224.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request." + "value": "netflow_get_stats in functions_netflow.php in Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the ip_src parameter in an index.php?operation/netflow/nf_live_view request. This issue has been fixed in Pandora FMS 7.0 NG 742." } ] }, @@ -66,6 +66,16 @@ "refsource": "MISC", "name": "https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/", "url": "https://shells.systems/pandorafms-v7-0ng-authenticated-remote-code-execution-cve-2019-20224/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155897/Pandora-7.0NG-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://pandorafms.com/downloads/solved-pandorafms-742.mp4", + "url": "https://pandorafms.com/downloads/solved-pandorafms-742.mp4" } ] } diff --git a/2019/20xxx/CVE-2019-20327.json b/2019/20xxx/CVE-2019-20327.json index 9d5a02ec12f..44f40af340a 100644 --- a/2019/20xxx/CVE-2019-20327.json +++ b/2019/20xxx/CVE-2019-20327.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-20327", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-20327", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure permissions in cwrapper_perl in Centreon Infrastructure Monitoring Software through 19.10 allow local attackers to gain privileges. (cwrapper_perl is a setuid executable allowing execution of Perl scripts with root privileges.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.centreon.com/en/", + "refsource": "MISC", + "name": "https://www.centreon.com/en/" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/Diefunction/9237f46b8659a65ab08de8ec9c258139", + "url": "https://gist.github.com/Diefunction/9237f46b8659a65ab08de8ec9c258139" } ] } diff --git a/2019/20xxx/CVE-2019-20330.json b/2019/20xxx/CVE-2019-20330.json index 108b3767c97..694e7c19379 100644 --- a/2019/20xxx/CVE-2019-20330.json +++ b/2019/20xxx/CVE-2019-20330.json @@ -61,6 +61,126 @@ "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2", "refsource": "MISC", "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.10.1...jackson-databind-2.9.10.2" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200114 [GitHub] [druid] ccaominh opened a new pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", + "url": "https://lists.apache.org/thread.html/rd6c6fef14944f3dcfb58d35f9317eb1c32a700e86c1b5231e45d3d0b@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9189: Suppress CVE-2019-20330 for htrace-core-4.0.1", + "url": "https://lists.apache.org/thread.html/rb532fed78d031fff477fd840b81946f6d1200f93a63698dae65aa528@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] ccaominh opened a new pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)", + "url": "https://lists.apache.org/thread.html/r5c3644c97f0434d1ceb48ff48897a67bdbf3baf7efbe7d04625425b3@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [GitHub] [druid] clintropolis merged pull request #9191: [Backport] Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189)", + "url": "https://lists.apache.org/thread.html/r7fb123e7dad49af5886cfec7135c0fd5b74e4c67af029e1dc91ba744@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200115 [druid] branch 0.17.0 updated: Suppress CVE-2019-20330 for htrace-core-4.0.1 (#9189) (#9191)", + "url": "https://lists.apache.org/thread.html/r392099ed2757ff2e383b10440594e914d080511d7da1c8fed0612c1f@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200118 Build failed in Jenkins: zookeeper-master-maven-owasp #329", + "url": "https://lists.apache.org/thread.html/r107c8737db39ec9ec4f4e7147b249e29be79170b9ef4b80528105a2d@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r5c14fdcabdeaba258857bcb67198652e4dce1d33ddc590cd81d82393@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200118 [jira] [Created] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r909c822409a276ba04dc2ae31179b16f6864ba02c4f9911bdffebf95@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200118 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r5d3d10fdf28110da3f9ac1b7d08d7e252f98d7d37ce0a6bd139a2e4f@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200122 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r50f513772f12e1babf65c7c2b9c16425bac2d945351879e2e267517f@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-dev] 20200122 Re: 3.5.7", + "url": "https://lists.apache.org/thread.html/ra8a80dbc7319916946397823aec0d893d24713cbf7b5aee0e957298c@%3Cdev.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200122 [jira] [Assigned] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/rfa57d9c2a27d3af14c69607fb1a3da00e758b2092aa88eb6a51b6e99@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/ra2e572f568de8df5ba151e6aebb225a0629faaf0476bf7c7ed877af8@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200122 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r428735963bee7cb99877b88d3228e28ec28af64646455c4f3e7a3c94@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200122 [GitHub] [zookeeper] phunt opened a new pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/ra5ce96faec37c26b0aa15b4b6a8b1cbb145a748653e56ae83e9685d0@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200123 [jira] [Commented] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/rd1f346227e11fc515914f3a7b20d81543e51e5822ba71baa0452634a@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r7a0821b44247a1e6c6fe5f2943b90ebc4f80a8d1fb0aa9a8b29a59a2@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200123 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r67f4d4c48197454b83d62afbed8bebbda3764e6e3a6e26a848961764@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200123 [jira] [Resolved] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r707d23bb9ee245f50aa909add0da6e8d8f24719b1278ddd99d2428b2@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] asfgit closed pull request #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/rd49cfa41bbb71ef33b53736a6af2aa8ba88c2106e30f2a34902a87d2@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-notifications] 20200123 [GitHub] [zookeeper] nkalmar commented on issue #1232: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r2c77dd6ab8344285bd8e481b57cf3029965a4b0036eefccef74cdd44@%3Cnotifications.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-issues] 20200123 [jira] [Updated] (ZOOKEEPER-3699) upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r3f8180d0d25a7c6473ebb9714b0c1d19a73f455ae70d0c5fefc17e6c@%3Cissues.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200123 [zookeeper] branch master updated: ZOOKEEPER-3699: upgrade jackson-databind to address CVE-2019-20330", + "url": "https://lists.apache.org/thread.html/r8831b7fa5ca87a1cf23ee08d6dedb7877a964c1d2bd869af24056a63@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0004/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0004/" } ] } diff --git a/2019/20xxx/CVE-2019-20357.json b/2019/20xxx/CVE-2019-20357.json index d937e84c769..f606f659749 100644 --- a/2019/20xxx/CVE-2019-20357.json +++ b/2019/20xxx/CVE-2019-20357.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", "ID": "CVE-2019-20357", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Security (Consumer)", + "version": { + "version_data": [ + { + "version_value": "2019 (v15) and 2020 (v16) " + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Persistent Arbitrary Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx", + "refsource": "MISC", + "name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx" + }, + { + "url": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt", + "refsource": "MISC", + "name": "http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 Trend Micro Security (Consumer) Multiple Products Persistent Arbitrary Code Execution CVE-2019-20357", + "url": "https://seclists.org/bugtraq/2020/Jan/28" } ] } diff --git a/2019/20xxx/CVE-2019-20367.json b/2019/20xxx/CVE-2019-20367.json index 57db216a8a8..8af648cd6d7 100644 --- a/2019/20xxx/CVE-2019-20367.json +++ b/2019/20xxx/CVE-2019-20367.json @@ -61,6 +61,11 @@ "url": "https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b", "refsource": "MISC", "name": "https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b" + }, + { + "refsource": "UBUNTU", + "name": "USN-4243-1", + "url": "https://usn.ubuntu.com/4243-1/" } ] } diff --git a/2019/20xxx/CVE-2019-20372.json b/2019/20xxx/CVE-2019-20372.json index 7df973615e1..6ce84b7e4fa 100644 --- a/2019/20xxx/CVE-2019-20372.json +++ b/2019/20xxx/CVE-2019-20372.json @@ -71,6 +71,26 @@ "url": "https://github.com/kubernetes/ingress-nginx/pull/4859", "refsource": "MISC", "name": "https://github.com/kubernetes/ingress-nginx/pull/4859" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e", + "url": "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e" + }, + { + "refsource": "UBUNTU", + "name": "USN-4235-1", + "url": "https://usn.ubuntu.com/4235-1/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4235-2", + "url": "https://usn.ubuntu.com/4235-2/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0003/" } ] } diff --git a/2019/20xxx/CVE-2019-20373.json b/2019/20xxx/CVE-2019-20373.json index 72f785152d5..50561ed81b2 100644 --- a/2019/20xxx/CVE-2019-20373.json +++ b/2019/20xxx/CVE-2019-20373.json @@ -56,6 +56,16 @@ "url": "https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba", "refsource": "MISC", "name": "https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4601", + "url": "https://www.debian.org/security/2020/dsa-4601" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200110 [SECURITY] [DLA 2064-1] ldm security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00007.html" } ] } diff --git a/2019/20xxx/CVE-2019-20377.json b/2019/20xxx/CVE-2019-20377.json new file mode 100644 index 00000000000..5ce3ea7ffb4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20377.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TopList before 2019-09-03 allows XSS via a title." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/tophubs/TopList/issues/32", + "refsource": "MISC", + "name": "https://github.com/tophubs/TopList/issues/32" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20378.json b/2019/20xxx/CVE-2019-20378.json new file mode 100644 index 00000000000..7bfc165f9ef --- /dev/null +++ b/2019/20xxx/CVE-2019-20378.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20378", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php ce parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ganglia/ganglia-web/issues/351", + "refsource": "MISC", + "name": "https://github.com/ganglia/ganglia-web/issues/351" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20379.json b/2019/20xxx/CVE-2019-20379.json new file mode 100644 index 00000000000..f829ec72927 --- /dev/null +++ b/2019/20xxx/CVE-2019-20379.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ganglia-web (aka Ganglia Web Frontend) through 3.7.5 allows XSS via the header.php cs parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ganglia/ganglia-web/issues/351", + "refsource": "MISC", + "name": "https://github.com/ganglia/ganglia-web/issues/351" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20380.json b/2019/20xxx/CVE-2019-20380.json new file mode 100644 index 00000000000..3c6ae57f954 --- /dev/null +++ b/2019/20xxx/CVE-2019-20380.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20380", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20381.json b/2019/20xxx/CVE-2019-20381.json new file mode 100644 index 00000000000..3001c615e42 --- /dev/null +++ b/2019/20xxx/CVE-2019-20381.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20381", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TestLink before 1.9.20 allows XSS via non-lowercase javascript: in the index.php reqURI parameter. NOTE: this issue exists because of an incomplete fix for CVE-2019-19491." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://mantis.testlink.org/view.php?id=8808", + "refsource": "MISC", + "name": "http://mantis.testlink.org/view.php?id=8808" + }, + { + "url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26e", + "refsource": "MISC", + "name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/cde692895e425731e6951d265a01ca6425a7c26e" + }, + { + "url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20", + "refsource": "MISC", + "name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/compare/1.9.19...1.9.20" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20382.json b/2019/20xxx/CVE-2019-20382.json new file mode 100644 index 00000000000..2305dcf0dcf --- /dev/null +++ b/2019/20xxx/CVE-2019-20382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20383.json b/2019/20xxx/CVE-2019-20383.json new file mode 100644 index 00000000000..c84eb28de0e --- /dev/null +++ b/2019/20xxx/CVE-2019-20383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20384.json b/2019/20xxx/CVE-2019-20384.json new file mode 100644 index 00000000000..f15f5adcedc --- /dev/null +++ b/2019/20xxx/CVE-2019-20384.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.gentoo.org/692492", + "refsource": "MISC", + "name": "https://bugs.gentoo.org/692492" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200121 CVE-2019-20384: Portage insecure temporary location", + "url": "http://www.openwall.com/lists/oss-security/2020/01/21/1" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20385.json b/2019/20xxx/CVE-2019-20385.json new file mode 100644 index 00000000000..9b36bd65331 --- /dev/null +++ b/2019/20xxx/CVE-2019-20385.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CSV upload feature in /supervisor/procesa_carga.php on Logaritmo Aware CallManager 2012 devices allows upload of .php files with a text/* content type. The PHP code can then be executed by visiting a /supervisor/csv/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://xpl0ited.blogspot.com/2019/11/unrestricted-file-upload-at-logaritmo.html", + "refsource": "MISC", + "name": "https://xpl0ited.blogspot.com/2019/11/unrestricted-file-upload-at-logaritmo.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20386.json b/2019/20xxx/CVE-2019-20386.json new file mode 100644 index 00000000000..4c791281cda --- /dev/null +++ b/2019/20xxx/CVE-2019-20386.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in button_open in login/logind-button.c in systemd before 243. When executing the udevadm trigger command, a memory leak may occur." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad", + "refsource": "MISC", + "name": "https://github.com/systemd/systemd/commit/b2774a3ae692113e1f47a336a6c09bac9cfb49ad" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20387.json b/2019/20xxx/CVE-2019-20387.json new file mode 100644 index 00000000000..eac9f1e26bd --- /dev/null +++ b/2019/20xxx/CVE-2019-20387.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-based buffer over-read via a last schema whose length is less than the length of the input schema." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da", + "refsource": "MISC", + "name": "https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da" + }, + { + "url": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6", + "refsource": "MISC", + "name": "https://github.com/openSUSE/libsolv/compare/0.7.5...0.7.6" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20388.json b/2019/20xxx/CVE-2019-20388.json new file mode 100644 index 00000000000..7481de28629 --- /dev/null +++ b/2019/20xxx/CVE-2019-20388.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20388", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20389.json b/2019/20xxx/CVE-2019-20389.json new file mode 100644 index 00000000000..7d766b175a0 --- /dev/null +++ b/2019/20xxx/CVE-2019-20389.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20389", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20390.json b/2019/20xxx/CVE-2019-20390.json new file mode 100644 index 00000000000..10c4c7961a4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20390.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20391.json b/2019/20xxx/CVE-2019-20391.json new file mode 100644 index 00000000000..abd41bbb929 --- /dev/null +++ b/2019/20xxx/CVE-2019-20391.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/bdb596ddc07596fa212f231135b87d0b9178f6f8" + }, + { + "url": "https://github.com/CESNET/libyang/issues/772", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/772" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793934" + }, + { + "url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20392.json b/2019/20xxx/CVE-2019-20392.json new file mode 100644 index 00000000000..39c2d81f8b6 --- /dev/null +++ b/2019/20xxx/CVE-2019-20392.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20392", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/32fb4993bc8bb49e93e84016af3c10ea53964be5" + }, + { + "url": "https://github.com/CESNET/libyang/issues/723", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/723" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793922" + }, + { + "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20393.json b/2019/20xxx/CVE-2019-20393.json new file mode 100644 index 00000000000..285015fc62e --- /dev/null +++ b/2019/20xxx/CVE-2019-20393.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1" + }, + { + "url": "https://github.com/CESNET/libyang/issues/742", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/742" + }, + { + "url": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/d9feacc4a590d35dbc1af21caf9080008b4450ed" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793930" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20394.json b/2019/20xxx/CVE-2019-20394.json new file mode 100644 index 00000000000..9a24648b26d --- /dev/null +++ b/2019/20xxx/CVE-2019-20394.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3" + }, + { + "url": "https://github.com/CESNET/libyang/issues/769", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/769" + }, + { + "url": "https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/6cc51b1757dfbb7cff92de074ada65e8523289a6" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793932" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20395.json b/2019/20xxx/CVE-2019-20395.json new file mode 100644 index 00000000000..cc4c7703b2d --- /dev/null +++ b/2019/20xxx/CVE-2019-20395.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1" + }, + { + "url": "https://github.com/CESNET/libyang/issues/724", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/724" + }, + { + "url": "https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/4e610ccd87a2ba9413819777d508f71163fcc237" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793924" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20396.json b/2019/20xxx/CVE-2019-20396.json new file mode 100644 index 00000000000..afe7da8eaea --- /dev/null +++ b/2019/20xxx/CVE-2019-20396.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20396", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1" + }, + { + "url": "https://github.com/CESNET/libyang/issues/740", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/740" + }, + { + "url": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/a1f17693904ed6fecc8902c747fc50a8f20e6af8" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20397.json b/2019/20xxx/CVE-2019-20397.json new file mode 100644 index 00000000000..faa77fcaaa0 --- /dev/null +++ b/2019/20xxx/CVE-2019-20397.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v0.16-r3...v1.0-r1" + }, + { + "url": "https://github.com/CESNET/libyang/issues/739", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/739" + }, + { + "url": "https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/88bd6c548ba79bce176cd875e9b56e7e0ef4d8d4" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793928" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20398.json b/2019/20xxx/CVE-2019-20398.json new file mode 100644 index 00000000000..efeed5fef71 --- /dev/null +++ b/2019/20xxx/CVE-2019-20398.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20398", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/compare/v1.0-r2...v1.0-r3" + }, + { + "url": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/commit/7852b272ef77f8098c35deea6c6f09cb78176f08" + }, + { + "url": "https://github.com/CESNET/libyang/issues/773", + "refsource": "MISC", + "name": "https://github.com/CESNET/libyang/issues/773" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935", + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1793935" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20399.json b/2019/20xxx/CVE-2019-20399.json new file mode 100644 index 00000000000..1358c874608 --- /dev/null +++ b/2019/20xxx/CVE-2019-20399.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20399", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50", + "refsource": "MISC", + "name": "https://github.com/paritytech/libsecp256k1/commit/11ba23a9766a5079918cd9f515bc100bc8164b50" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20400.json b/2019/20xxx/CVE-2019-20400.json new file mode 100644 index 00000000000..cb87d1c9002 --- /dev/null +++ b/2019/20xxx/CVE-2019-20400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20401.json b/2019/20xxx/CVE-2019-20401.json new file mode 100644 index 00000000000..ce7d370c688 --- /dev/null +++ b/2019/20xxx/CVE-2019-20401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20402.json b/2019/20xxx/CVE-2019-20402.json new file mode 100644 index 00000000000..9c189e3b8be --- /dev/null +++ b/2019/20xxx/CVE-2019-20402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20403.json b/2019/20xxx/CVE-2019-20403.json new file mode 100644 index 00000000000..a99e34a7df8 --- /dev/null +++ b/2019/20xxx/CVE-2019-20403.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20404.json b/2019/20xxx/CVE-2019-20404.json new file mode 100644 index 00000000000..cedb2158f2b --- /dev/null +++ b/2019/20xxx/CVE-2019-20404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20405.json b/2019/20xxx/CVE-2019-20405.json new file mode 100644 index 00000000000..e8c3cd3e1ea --- /dev/null +++ b/2019/20xxx/CVE-2019-20405.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20406.json b/2019/20xxx/CVE-2019-20406.json new file mode 100644 index 00000000000..289fd8aacce --- /dev/null +++ b/2019/20xxx/CVE-2019-20406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20407.json b/2019/20xxx/CVE-2019-20407.json new file mode 100644 index 00000000000..327639176de --- /dev/null +++ b/2019/20xxx/CVE-2019-20407.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20408.json b/2019/20xxx/CVE-2019-20408.json new file mode 100644 index 00000000000..3c35b9a6f6a --- /dev/null +++ b/2019/20xxx/CVE-2019-20408.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20409.json b/2019/20xxx/CVE-2019-20409.json new file mode 100644 index 00000000000..8bbfa182fc3 --- /dev/null +++ b/2019/20xxx/CVE-2019-20409.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20410.json b/2019/20xxx/CVE-2019-20410.json new file mode 100644 index 00000000000..4e56ce8fd72 --- /dev/null +++ b/2019/20xxx/CVE-2019-20410.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20410", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20411.json b/2019/20xxx/CVE-2019-20411.json new file mode 100644 index 00000000000..f08521eab90 --- /dev/null +++ b/2019/20xxx/CVE-2019-20411.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20411", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20412.json b/2019/20xxx/CVE-2019-20412.json new file mode 100644 index 00000000000..665028a2055 --- /dev/null +++ b/2019/20xxx/CVE-2019-20412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20412", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20413.json b/2019/20xxx/CVE-2019-20413.json new file mode 100644 index 00000000000..3f757bf5ae0 --- /dev/null +++ b/2019/20xxx/CVE-2019-20413.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20413", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20414.json b/2019/20xxx/CVE-2019-20414.json new file mode 100644 index 00000000000..c48e3f3ca6e --- /dev/null +++ b/2019/20xxx/CVE-2019-20414.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20414", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20415.json b/2019/20xxx/CVE-2019-20415.json new file mode 100644 index 00000000000..b88c3ac553e --- /dev/null +++ b/2019/20xxx/CVE-2019-20415.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20416.json b/2019/20xxx/CVE-2019-20416.json new file mode 100644 index 00000000000..96b82189fd2 --- /dev/null +++ b/2019/20xxx/CVE-2019-20416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20417.json b/2019/20xxx/CVE-2019-20417.json new file mode 100644 index 00000000000..31d3624a738 --- /dev/null +++ b/2019/20xxx/CVE-2019-20417.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20417", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20418.json b/2019/20xxx/CVE-2019-20418.json new file mode 100644 index 00000000000..f894169544f --- /dev/null +++ b/2019/20xxx/CVE-2019-20418.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20418", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20419.json b/2019/20xxx/CVE-2019-20419.json new file mode 100644 index 00000000000..d196c78506b --- /dev/null +++ b/2019/20xxx/CVE-2019-20419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20420.json b/2019/20xxx/CVE-2019-20420.json new file mode 100644 index 00000000000..7019610c816 --- /dev/null +++ b/2019/20xxx/CVE-2019-20420.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-20420", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20421.json b/2019/20xxx/CVE-2019-20421.json new file mode 100644 index 00000000000..440aa07689d --- /dev/null +++ b/2019/20xxx/CVE-2019-20421.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20421", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Exiv2/exiv2/issues/1011", + "refsource": "MISC", + "name": "https://github.com/Exiv2/exiv2/issues/1011" + }, + { + "url": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8", + "refsource": "MISC", + "name": "https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20422.json b/2019/20xxx/CVE-2019-20422.json new file mode 100644 index 00000000000..9f442ac0a2c --- /dev/null +++ b/2019/20xxx/CVE-2019-20422.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel before 5.3.4, fib6_rule_lookup in net/ipv6/ip6_fib.c mishandles the RT6_LOOKUP_F_DST_NOREF flag in a reference-count decision, leading to (for example) a crash that was identified by syzkaller, aka CID-7b09c2d052db." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.4" + }, + { + "url": "https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa", + "refsource": "MISC", + "name": "https://github.com/torvalds/linux/commit/7b09c2d052db4b4ad0b27b97918b46a7746966fa" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20423.json b/2019/20xxx/CVE-2019-20423.json new file mode 100644 index 00000000000..51318b4ab62 --- /dev/null +++ b/2019/20xxx/CVE-2019-20423.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://jira.whamcloud.com/browse/LU-12605", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12605" + }, + { + "url": "https://review.whamcloud.com/#/c/35935/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/35935/" + }, + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20424.json b/2019/20xxx/CVE-2019-20424.json new file mode 100644 index 00000000000..f40ef1fdf7a --- /dev/null +++ b/2019/20xxx/CVE-2019-20424.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20424", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, mdt_object_remote in the mdt module has a NULL pointer dereference and panic due to the lack of validation for specific fields of packets sent by a client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12615", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12615" + }, + { + "url": "https://review.whamcloud.com/#/c/35869/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/35869/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20425.json b/2019/20xxx/CVE-2019-20425.json new file mode 100644 index 00000000000..cacaffeede8 --- /dev/null +++ b/2019/20xxx/CVE-2019-20425.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12613", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12613" + }, + { + "url": "https://review.whamcloud.com/#/c/36209/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/36209/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20426.json b/2019/20xxx/CVE-2019-20426.json new file mode 100644 index 00000000000..fd95f714de4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20426.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlm_cancel_hpreq_check, there is no lock_count bounds check." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12614", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12614" + }, + { + "url": "https://review.whamcloud.com/#/c/36107/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/36107/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20427.json b/2019/20xxx/CVE-2019-20427.json new file mode 100644 index 00000000000..fe11a49fb9b --- /dev/null +++ b/2019/20xxx/CVE-2019-20427.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12600", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12600" + }, + { + "url": "https://review.whamcloud.com/#/c/35867/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/35867/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20428.json b/2019/20xxx/CVE-2019-20428.json new file mode 100644 index 00000000000..78a6d4e4a15 --- /dev/null +++ b/2019/20xxx/CVE-2019-20428.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20428", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12603", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12603" + }, + { + "url": "https://review.whamcloud.com/#/c/36108/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/36108/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20429.json b/2019/20xxx/CVE-2019-20429.json new file mode 100644 index 00000000000..8062215c398 --- /dev/null +++ b/2019/20xxx/CVE-2019-20429.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12590", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12590" + }, + { + "url": "https://review.whamcloud.com/#/c/36119/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/36119/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20430.json b/2019/20xxx/CVE-2019-20430.json new file mode 100644 index 00000000000..5d9bfb97024 --- /dev/null +++ b/2019/20xxx/CVE-2019-20430.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12602", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12602" + }, + { + "url": "https://review.whamcloud.com/#/c/36208/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/36208/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20431.json b/2019/20xxx/CVE-2019-20431.json new file mode 100644 index 00000000000..1f1c0238e62 --- /dev/null +++ b/2019/20xxx/CVE-2019-20431.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20431", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12612", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12612" + }, + { + "url": "https://review.whamcloud.com/#/c/36273/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/36273/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20432.json b/2019/20xxx/CVE-2019-20432.json new file mode 100644 index 00000000000..edaa55b0d0f --- /dev/null +++ b/2019/20xxx/CVE-2019-20432.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://wiki.lustre.org/Lustre_2.12.3_Changelog", + "refsource": "MISC", + "name": "http://wiki.lustre.org/Lustre_2.12.3_Changelog" + }, + { + "url": "http://lustre.org/", + "refsource": "MISC", + "name": "http://lustre.org/" + }, + { + "url": "https://jira.whamcloud.com/browse/LU-12604", + "refsource": "MISC", + "name": "https://jira.whamcloud.com/browse/LU-12604" + }, + { + "url": "https://review.whamcloud.com/#/c/35868/", + "refsource": "MISC", + "name": "https://review.whamcloud.com/#/c/35868/" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20433.json b/2019/20xxx/CVE-2019-20433.json new file mode 100644 index 00000000000..7893166a427 --- /dev/null +++ b/2019/20xxx/CVE-2019-20433.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20433", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://aspell.net/buffer-overread-ucs.txt", + "refsource": "MISC", + "name": "http://aspell.net/buffer-overread-ucs.txt" + } + ] + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20434.json b/2019/20xxx/CVE-2019-20434.json new file mode 100644 index 00000000000..98f504522cc --- /dev/null +++ b/2019/20xxx/CVE-2019-20434.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Datasource creation page of the Management Console." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0616", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0616" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/17", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/17" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20435.json b/2019/20xxx/CVE-2019-20435.json new file mode 100644 index 00000000000..c4d7f4672f4 --- /dev/null +++ b/2019/20xxx/CVE-2019-20435.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS attack could be performed in the inline API documentation editor page of the API Publisher by sending an HTTP GET request with a harmful docName request parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0633", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0633" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/18", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/18" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20436.json b/2019/20xxx/CVE-2019-20436.json new file mode 100644 index 00000000000..48e9bf4e149 --- /dev/null +++ b/2019/20xxx/CVE-2019-20436.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20436", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. If there is a claim dialect configured with an XSS payload in the dialect URI, and a user picks up this dialect's URI and adds it as the service provider claim dialect while configuring the service provider, that payload gets executed. The attacker also needs to have privileges to log in to the management console, and to add and configure claim dialects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0634" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/19", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/19" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20437.json b/2019/20xxx/CVE-2019-20437.json new file mode 100644 index 00000000000..dc7aac9b011 --- /dev/null +++ b/2019/20xxx/CVE-2019-20437.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. When a custom claim dialect with an XSS payload is configured in the identity provider basic claim configuration, that payload gets executed, if a user picks up that dialect's URI as the provisioning claim in the advanced claim configuration of the same Identity Provider. The attacker also needs to have privileges to log in to the management console, and to add and update identity provider configurations." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0635" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/20", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/20" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:N/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20438.json b/2019/20xxx/CVE-2019-20438.json new file mode 100644 index 00000000000..7210c6c2d89 --- /dev/null +++ b/2019/20xxx/CVE-2019-20438.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential stored Cross-Site Scripting (XSS) vulnerability has been identified in the inline API documentation editor page of the API Publisher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0645", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0645" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/22", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/22" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20439.json b/2019/20xxx/CVE-2019-20439.json new file mode 100644 index 00000000000..87a6fb80216 --- /dev/null +++ b/2019/20xxx/CVE-2019-20439.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in defining a scope in the \"manage the API\" page of the API Publisher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0644", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0644" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/21", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/21" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20440.json b/2019/20xxx/CVE-2019-20440.json new file mode 100644 index 00000000000..61a0ce6d5db --- /dev/null +++ b/2019/20xxx/CVE-2019-20440.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20440", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the update API documentation feature of the API Publisher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0646", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0646" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/24", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/24" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20441.json b/2019/20xxx/CVE-2019-20441.json new file mode 100644 index 00000000000..c741b495e74 --- /dev/null +++ b/2019/20xxx/CVE-2019-20441.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored Cross-Site Scripting (XSS) vulnerability has been identified in the 'implement phase' of the API Publisher." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0647", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0647" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/23", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/23" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20442.json b/2019/20xxx/CVE-2019-20442.json new file mode 100644 index 00000000000..28f0297aa0b --- /dev/null +++ b/2019/20xxx/CVE-2019-20442.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20442", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in roleToAuthorize has been identified in the registry UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/25", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/25" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/20xxx/CVE-2019-20443.json b/2019/20xxx/CVE-2019-20443.json new file mode 100644 index 00000000000..1797e791e15 --- /dev/null +++ b/2019/20xxx/CVE-2019-20443.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-20443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Integrator 6.5.0, WSO2 IS as Key Manager 5.7.0, and WSO2 Identity Server 5.8.0. A potential stored Cross-Site Scripting (XSS) vulnerability in mediaType has been identified in the registry UI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636", + "refsource": "MISC", + "name": "https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2019-0636" + }, + { + "url": "https://github.com/cybersecurityworks/Disclosed/issues/26", + "refsource": "MISC", + "name": "https://github.com/cybersecurityworks/Disclosed/issues/26" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:L/I:L/PR:H/S:U/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2126.json b/2019/2xxx/CVE-2019-2126.json index e7b74e30bdc..37082cef624 100644 --- a/2019/2xxx/CVE-2019-2126.json +++ b/2019/2xxx/CVE-2019-2126.json @@ -53,6 +53,21 @@ "refsource": "UBUNTU", "name": "USN-4199-1", "url": "https://usn.ubuntu.com/4199-1/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-65eac1b48b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html" } ] }, diff --git a/2019/2xxx/CVE-2019-2215.json b/2019/2xxx/CVE-2019-2215.json index b889ed2f856..666012bd671 100644 --- a/2019/2xxx/CVE-2019-2215.json +++ b/2019/2xxx/CVE-2019-2215.json @@ -83,6 +83,11 @@ "refsource": "UBUNTU", "name": "USN-4186-1", "url": "https://usn.ubuntu.com/4186-1/" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2068-1] linux security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html" } ] }, diff --git a/2019/2xxx/CVE-2019-2224.json b/2019/2xxx/CVE-2019-2224.json index 93d5fe0fbe5..818e1cb2723 100644 --- a/2019/2xxx/CVE-2019-2224.json +++ b/2019/2xxx/CVE-2019-2224.json @@ -4,58 +4,14 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-2224", - "ASSIGNER": "security@android.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "n/a", - "product": { - "product_data": [ - { - "product_name": "Android", - "version": { - "version_data": [ - { - "version_value": "Android-8.0 Android-8.1 Android-9 Android-10" - } - ] - } - } - ] - } - } - ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Remote code execution" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/2019-12-01", - "url": "https://source.android.com/security/bulletin/2019-12-01" - } - ] + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "In ReadMATImage of mat.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process when loading a MATLAB image file with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140328986" + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15140. Reason: This candidate is a duplicate of CVE-2019-15140. Notes: All CVE users should reference CVE-2019-15140 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/2xxx/CVE-2019-2267.json b/2019/2xxx/CVE-2019-2267.json index 1e76d97404f..ec3f91cfe2d 100644 --- a/2019/2xxx/CVE-2019-2267.json +++ b/2019/2xxx/CVE-2019-2267.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-2267", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2019-2267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "product": { + "product_data": [ + { + "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking", + "version": { + "version_data": [ + { + "version_value": "MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." } - ] - } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Locked regions may be modified through other interfaces in secure boot loader image due to improper access control. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM8150, SXR1130, SXR2130" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Permissions, Privileges and Access Control in Boot" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins/january-2020-bulletin" + } + ] + } } \ No newline at end of file diff --git a/2019/2xxx/CVE-2019-2725.json b/2019/2xxx/CVE-2019-2725.json index 7fa1f5672dd..6451c645ec4 100644 --- a/2019/2xxx/CVE-2019-2725.json +++ b/2019/2xxx/CVE-2019-2725.json @@ -11,11 +11,11 @@ "product": { "product_data": [ { - "product_name": "Tape Virtual VSM GUI - Virtual Storage Manager GUI", + "product_name": "Tape Library ACSLS", "version": { "version_data": [ { - "version_value": "6.2", + "version_value": "8.5", "version_affected": "=" } ] @@ -82,6 +82,11 @@ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2729.json b/2019/2xxx/CVE-2019-2729.json index 2828374b89d..58f6071d9d6 100644 --- a/2019/2xxx/CVE-2019-2729.json +++ b/2019/2xxx/CVE-2019-2729.json @@ -11,11 +11,11 @@ "product": { "product_data": [ { - "product_name": "Tape General STA - StorageTek Tape Analytics SW Tool", + "product_name": "Tape Library ACSLS", "version": { "version_data": [ { - "version_value": "2.3.0", + "version_value": "8.5", "version_affected": "=" } ] @@ -67,6 +67,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html", "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2745.json b/2019/2xxx/CVE-2019-2745.json index 279ceb2c5da..3371b4dcaf9 100644 --- a/2019/2xxx/CVE-2019-2745.json +++ b/2019/2xxx/CVE-2019-2745.json @@ -82,6 +82,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2762.json b/2019/2xxx/CVE-2019-2762.json index 7ab8b95b075..795c73f8236 100644 --- a/2019/2xxx/CVE-2019-2762.json +++ b/2019/2xxx/CVE-2019-2762.json @@ -121,6 +121,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2766.json b/2019/2xxx/CVE-2019-2766.json index 731e0b263c0..0007f20bd74 100644 --- a/2019/2xxx/CVE-2019-2766.json +++ b/2019/2xxx/CVE-2019-2766.json @@ -76,6 +76,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2769.json b/2019/2xxx/CVE-2019-2769.json index ca5039a0205..fdccdc59e86 100644 --- a/2019/2xxx/CVE-2019-2769.json +++ b/2019/2xxx/CVE-2019-2769.json @@ -121,6 +121,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2786.json b/2019/2xxx/CVE-2019-2786.json index ea2aadd3b45..bf39e9f506b 100644 --- a/2019/2xxx/CVE-2019-2786.json +++ b/2019/2xxx/CVE-2019-2786.json @@ -101,6 +101,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2737", "url": "https://access.redhat.com/errata/RHSA-2019:2737" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2816.json b/2019/2xxx/CVE-2019-2816.json index 02311e4c2c6..6b9a9afe5a7 100644 --- a/2019/2xxx/CVE-2019-2816.json +++ b/2019/2xxx/CVE-2019-2816.json @@ -121,6 +121,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2842.json b/2019/2xxx/CVE-2019-2842.json index f8f64acb73d..e0d436373ff 100644 --- a/2019/2xxx/CVE-2019-2842.json +++ b/2019/2xxx/CVE-2019-2842.json @@ -72,6 +72,11 @@ "refsource": "CONFIRM", "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10300" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/2xxx/CVE-2019-2904.json b/2019/2xxx/CVE-2019-2904.json index 819348bba61..5ccecad0162 100644 --- a/2019/2xxx/CVE-2019-2904.json +++ b/2019/2xxx/CVE-2019-2904.json @@ -70,6 +70,16 @@ "refsource": "MISC", "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/2xxx/CVE-2019-2989.json b/2019/2xxx/CVE-2019-2989.json index c526223ef2c..355d0b5b644 100644 --- a/2019/2xxx/CVE-2019-2989.json +++ b/2019/2xxx/CVE-2019-2989.json @@ -39,8 +39,7 @@ "description_data": [ { "lang": "eng", - "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: Java). The supported version that is affected is 19.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)." - } + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 6.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)."} ] }, "problemtype": { @@ -49,7 +48,7 @@ "description": [ { "lang": "eng", - "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle GraalVM Enterprise Edition accessible data." + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." } ] } diff --git a/2019/3xxx/CVE-2019-3467.json b/2019/3xxx/CVE-2019-3467.json index 67c245c4b68..ae3b2cfdb62 100644 --- a/2019/3xxx/CVE-2019-3467.json +++ b/2019/3xxx/CVE-2019-3467.json @@ -83,6 +83,11 @@ "refsource": "BUGTRAQ", "name": "20191229 [SECURITY] [DSA 4595-1] debian-lan-config security update", "url": "https://seclists.org/bugtraq/2019/Dec/44" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2063-1] debian-lan-config security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00012.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3682.json b/2019/3xxx/CVE-2019-3682.json index c397413f667..a2ebfc7a64d 100644 --- a/2019/3xxx/CVE-2019-3682.json +++ b/2019/3xxx/CVE-2019-3682.json @@ -1,8 +1,35 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-02-15T00:00:00.000Z", "ID": "CVE-2019-3682", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Insecure API port exposed to all Master Node guest containers" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE CaaS Platform 3.0", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "docker-kubic", + "version_value": "17.09.1_ce-7.6.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +38,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-668: Exposure of Resource to Wrong Sphere" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1121148", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1121148" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1121148", + "defect": [ + "1121148" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3683.json b/2019/3xxx/CVE-2019-3683.json index 782bd245907..0c72836ebbb 100644 --- a/2019/3xxx/CVE-2019-3683.json +++ b/2019/3xxx/CVE-2019-3683.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-02-18T00:00:00.000Z", "ID": "CVE-2019-3683", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "keystone_json_assignment backend granted access to any project for users in user-project-map.json" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Openstack Cloud 8", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "keystone-json-assignment", + "version_value": "d7888c75505465490250c00cc0ef4bb1af662f9f" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Kurt Garloff by SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit d7888c75505465490250c00cc0ef4bb1af662f9f every user listed in the /etc/keystone/user-project-map.json was assigned full \"member\" role access to every project. This allowed these users to access, modify, create and delete arbitrary resources, contrary to expectations." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-732: Incorrect Permission Assignment for Critical Resource" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1124864", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1124864" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1124864", + "defect": [ + "1124864" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3686.json b/2019/3xxx/CVE-2019-3686.json index 3d5c6c14550..d7835d92727 100644 --- a/2019/3xxx/CVE-2019-3686.json +++ b/2019/3xxx/CVE-2019-3686.json @@ -1,8 +1,34 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-08-06T00:00:00.000Z", "ID": "CVE-2019-3686", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "XSS in distri and version parameter in openQA" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "openQA", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "c172e8883d8f32fced5e02f9b6faaacc913df27b" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +37,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vulnerable to XSS in the distri and version parameter. This was reported through the bug bounty program of Offensive Security" } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1142849", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1142849" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1142849", + "defect": [ + "1142849" + ], + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3687.json b/2019/3xxx/CVE-2019-3687.json index 68abc6c12fb..d4d05fa84a8 100644 --- a/2019/3xxx/CVE-2019-3687.json +++ b/2019/3xxx/CVE-2019-3687.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-08-30T00:00:00.000Z", "ID": "CVE-2019-3687", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "\"easy\" permission profile allows everyone execute dumpcap and read all network traffic" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "permissions", + "version_value": "081d081dcfaf61710bda34bc21c80c66276119aa" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Malte Kraus of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the \"easy\" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-276: Incorrect Default Permissions" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1148788", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1148788" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1148788", + "defect": [ + "1148788" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3691.json b/2019/3xxx/CVE-2019-3691.json index 9634c6c3f7b..1cb9d04ab97 100644 --- a/2019/3xxx/CVE-2019-3691.json +++ b/2019/3xxx/CVE-2019-3691.json @@ -1,9 +1,61 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-12-05T00:00:00.000Z", "ID": "CVE-2019-3691", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user munge to root" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 15", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "munge", + "version_value": "0.5.13-4.3.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "munge", + "version_value": "0.5.13-6.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz from SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +63,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munge in SUSE Linux Enterprise Server 15; openSUSE Factory allowed local attackers to escalate privileges from user munge to root. This issue affects: SUSE Linux Enterprise Server 15 munge versions prior to 0.5.13-4.3.1. openSUSE Factory munge versions prior to 0.5.13-6.1." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1155075", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1155075" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1155075", + "defect": [ + "1155075" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3692.json b/2019/3xxx/CVE-2019-3692.json index c7fa4cd6d62..f3bd44f7aba 100644 --- a/2019/3xxx/CVE-2019-3692.json +++ b/2019/3xxx/CVE-2019-3692.json @@ -1,9 +1,73 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3692", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user news to root in the packaging of inn" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 11", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "inn", + "version_value": "2.4.2-170.21.3.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "inn", + "version_value": "2.6.2-2.2" + } + ] + } + }, + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "inn", + "version_value": "2.5.4-lp151.2.47" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +75,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Factory, Leap 15.1 allows local attackers to escalate from user inn to root via symlink attacks. This issue affects: SUSE Linux Enterprise Server 11 inn version 2.4.2-170.21.3.1 and prior versions. openSUSE Factory inn version 2.6.2-2.2 and prior versions. openSUSE Leap 15.1 inn version 2.5.4-lp151.2.47 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154302", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154302" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154302", + "defect": [ + "1154302" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3693.json b/2019/3xxx/CVE-2019-3693.json index 01aab032cfb..dab8ed0696f 100644 --- a/2019/3xxx/CVE-2019-3693.json +++ b/2019/3xxx/CVE-2019-3693.json @@ -1,9 +1,73 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-11-26T00:00:00.000Z", "ID": "CVE-2019-3693", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user wwwrun to root in the packaging of mailman" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SUSE Linux Enterprise Server 11", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "mailman", + "version_value": "2.1.15-9.6.15.1" + } + ] + } + }, + { + "product_name": "SUSE Linux Enterprise Server 12", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "mailman", + "version_value": "2.1.17-3.11.1" + } + ] + } + } + ] + }, + "vendor_name": "SUSE" + }, + { + "product": { + "product_data": [ + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "mailman", + "version_value": "2.1.29-lp151.2.14" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +75,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154328", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154328" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154328", + "defect": [ + "1154328" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3694.json b/2019/3xxx/CVE-2019-3694.json index 9ab9c9bd1ee..5081eeadbee 100644 --- a/2019/3xxx/CVE-2019-3694.json +++ b/2019/3xxx/CVE-2019-3694.json @@ -1,9 +1,54 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3694", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from munin to root in the packaging of munin" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "munin", + "version_value": "2.0.49-4.2" + } + ] + } + }, + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "munin", + "version_value": "2.0.40-lp151.1.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +56,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Symbolic Link (Symlink) Following vulnerability in the packaging of munin in openSUSE Factory, Leap 15.1 allows local attackers to escalate from user munin to root. This issue affects: openSUSE Factory munin version 2.0.49-4.2 and prior versions. openSUSE Leap 15.1 munin version 2.0.40-lp151.1.1 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1155078", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1155078" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1155078", + "defect": [ + "1155078" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3697.json b/2019/3xxx/CVE-2019-3697.json index 21194c7e8e5..24baff450cf 100644 --- a/2019/3xxx/CVE-2019-3697.json +++ b/2019/3xxx/CVE-2019-3697.json @@ -1,9 +1,42 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3697", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user gnump3d to root" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "gnump3d", + "version_value": "3.0-lp151.2.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +44,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of gnump3d in openSUSE Leap 15.1 allows local attackers to escalate from user gnump3d to root. This issue affects: openSUSE Leap 15.1 gnump3d version 3.0-lp151.2.1 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1154229", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1154229" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1154229", + "defect": [ + "1154229" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3699.json b/2019/3xxx/CVE-2019-3699.json index 5def191ae7e..f85f01203a4 100644 --- a/2019/3xxx/CVE-2019-3699.json +++ b/2019/3xxx/CVE-2019-3699.json @@ -1,9 +1,54 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2020-01-24T00:00:00.000Z", "ID": "CVE-2019-3699", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Local privilege escalation from user privoxy to root" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Leap 15.1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "privoxy", + "version_value": "3.0.28-lp151.1.1" + } + ] + } + }, + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "privoxy", + "version_value": "3.0.28-2.1" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Johannes Segitz of SUSE" + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +56,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of privoxy on openSUSE Leap 15.1, Factory allows local attackers to escalate from user privoxy to root. This issue affects: openSUSE Leap 15.1 privoxy version 3.0.28-lp151.1.1 and prior versions. openSUSE Factory privoxy version 3.0.28-2.1 and prior versions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-61: UNIX Symbolic Link (Symlink) Following" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157449", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157449" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157449", + "defect": [ + "1157449" + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3700.json b/2019/3xxx/CVE-2019-3700.json index b832a503316..aa5eff619f0 100644 --- a/2019/3xxx/CVE-2019-3700.json +++ b/2019/3xxx/CVE-2019-3700.json @@ -1,8 +1,35 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@suse.com", + "DATE_PUBLIC": "2019-11-22T00:00:00.000Z", "ID": "CVE-2019-3700", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "yast: Fallback to DES without configuration in /etc/login.def" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Factory", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "yast2-security", + "version_value": "4.2.6" + } + ] + } + } + ] + }, + "vendor_name": "openSUSE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +38,55 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "yast2-security didn't use secure defaults to protect passwords. This became a problem on 2019-10-07 when configuration files that set secure settings were moved to a different location. As of the 20191022 snapshot the insecure default settings were used until yast2-security switched to stronger defaults in 4.2.6 and used the new configuration file locations. Password created during this time used DES password encryption and are not properly protected against attackers that are able to access the password hashes." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 2.9, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157541", + "refsource": "CONFIRM", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157541" + } + ] + }, + "source": { + "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157541", + "defect": [ + "1157541" + ], + "discovery": "USER" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3764.json b/2019/3xxx/CVE-2019-3764.json index 09ce9bde5ab..eb21837a31c 100644 --- a/2019/3xxx/CVE-2019-3764.json +++ b/2019/3xxx/CVE-2019-3764.json @@ -17,7 +17,7 @@ "version_data": [ { "version_affected": "<", - "version_value": "iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36" + "version_value": "iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36" } ] } @@ -36,7 +36,7 @@ "description_data": [ { "lang": "eng", - "value": "Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes." + "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes." } ] }, diff --git a/2019/3xxx/CVE-2019-3826.json b/2019/3xxx/CVE-2019-3826.json index 0118b9b660d..9047460d827 100644 --- a/2019/3xxx/CVE-2019-3826.json +++ b/2019/3xxx/CVE-2019-3826.json @@ -63,6 +63,21 @@ "refsource": "REDHAT", "name": "RHBA-2019:0327", "url": "https://access.redhat.com/errata/RHBA-2019:0327" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer", + "url": "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E" } ] }, diff --git a/2019/3xxx/CVE-2019-3846.json b/2019/3xxx/CVE-2019-3846.json index 5313f5665b3..23db1337982 100644 --- a/2019/3xxx/CVE-2019-3846.json +++ b/2019/3xxx/CVE-2019-3846.json @@ -178,6 +178,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] }, diff --git a/2019/3xxx/CVE-2019-3862.json b/2019/3xxx/CVE-2019-3862.json index 81363e7600b..a6f2bc0ecb9 100644 --- a/2019/3xxx/CVE-2019-3862.json +++ b/2019/3xxx/CVE-2019-3862.json @@ -128,6 +128,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3864.json b/2019/3xxx/CVE-2019-3864.json index 316f8b8268b..bb257814234 100644 --- a/2019/3xxx/CVE-2019-3864.json +++ b/2019/3xxx/CVE-2019-3864.json @@ -1,18 +1,72 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3864", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3864", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Red Hat", + "product": { + "product_data": [ + { + "product_name": "quay", + "version": { + "version_data": [ + { + "version_value": "all quay-2 versions before quay-3.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3864", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3864", + "refsource": "CONFIRM" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was discovered in all quay-2 versions before quay-3.0.0, in the Quay web GUI where POST requests include a specific parameter which is used as a CSRF token. The token is not refreshed for every request or when a user logged out and in again. An attacker could use a leaked token to gain access to the system using the user's account." } ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3929.json b/2019/3xxx/CVE-2019-3929.json index ba57ee4e908..9d873c5efbf 100644 --- a/2019/3xxx/CVE-2019-3929.json +++ b/2019/3xxx/CVE-2019-3929.json @@ -88,6 +88,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html", "url": "http://packetstormsecurity.com/files/152715/Barco-AWIND-OEM-Presentation-Platform-Unauthenticated-Remote-Command-Injection.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/155948/Barco-WePresent-file_transfer.cgi-Command-Injection.html" } ] }, diff --git a/2019/3xxx/CVE-2019-3981.json b/2019/3xxx/CVE-2019-3981.json index b6bb4d72b2f..9e696ab2be9 100644 --- a/2019/3xxx/CVE-2019-3981.json +++ b/2019/3xxx/CVE-2019-3981.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3981", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3981", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MikroTik", + "product": { + "product_data": [ + { + "product_name": "WinBox", + "version": { + "version_data": [ + { + "version_value": "Winbox 3.20 and below." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-01", + "url": "https://www.tenable.com/security/research/tra-2020-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "MikroTik Winbox 3.20 and below is vulnerable to man in the middle attacks. A man in the middle can downgrade the client's authentication protocol and recover the user's username and MD5 hashed password." } ] } diff --git a/2019/3xxx/CVE-2019-3992.json b/2019/3xxx/CVE-2019-3992.json index a3cec0e9b77..4085fcff362 100644 --- a/2019/3xxx/CVE-2019-3992.json +++ b/2019/3xxx/CVE-2019-3992.json @@ -48,6 +48,16 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3993.json b/2019/3xxx/CVE-2019-3993.json index cc44a68388e..94927cd54ed 100644 --- a/2019/3xxx/CVE-2019-3993.json +++ b/2019/3xxx/CVE-2019-3993.json @@ -48,6 +48,16 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3994.json b/2019/3xxx/CVE-2019-3994.json index 671e20fcdd1..ec10cac4e61 100644 --- a/2019/3xxx/CVE-2019-3994.json +++ b/2019/3xxx/CVE-2019-3994.json @@ -48,6 +48,16 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3995.json b/2019/3xxx/CVE-2019-3995.json index a630baca952..1879f62a3f9 100644 --- a/2019/3xxx/CVE-2019-3995.json +++ b/2019/3xxx/CVE-2019-3995.json @@ -48,6 +48,16 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3996.json b/2019/3xxx/CVE-2019-3996.json index 9dfc26a77fc..65166f9faab 100644 --- a/2019/3xxx/CVE-2019-3996.json +++ b/2019/3xxx/CVE-2019-3996.json @@ -48,6 +48,16 @@ "refsource": "MISC", "name": "https://www.tenable.com/security/research/tra-2019-53", "url": "https://www.tenable.com/security/research/tra-2019-53" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-9f8bc040c8", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IN3FP6VXYSD4OMUCFZNOL7MKPWRQFAL/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-f49fe7f011", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4IAS4HI24H2ERKBZTDEVJ3LEQEFWYSCT/" } ] }, diff --git a/2019/3xxx/CVE-2019-3997.json b/2019/3xxx/CVE-2019-3997.json index 8796d374021..5bf17cec38e 100644 --- a/2019/3xxx/CVE-2019-3997.json +++ b/2019/3xxx/CVE-2019-3997.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-3997", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-3997", + "ASSIGNER": "vulnreport@tenable.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "SimpliSafe SS3", + "version": { + "version_data": [ + { + "version_value": "1.0-1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Unauthenticated Keypad Pairing Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-03", + "url": "https://www.tenable.com/security/research/tra-2020-03" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system." } ] } diff --git a/2019/4xxx/CVE-2019-4508.json b/2019/4xxx/CVE-2019-4508.json index 21c61dffa28..7b263ae4e74 100644 --- a/2019/4xxx/CVE-2019-4508.json +++ b/2019/4xxx/CVE-2019-4508.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4508", - "STATE": "RESERVED" + "data_type": "CVE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "title": "IBM Security Bulletin 1170334 (QRadar SIEM)", + "url": "https://www.ibm.com/support/pages/node/1170334", + "refsource": "CONFIRM", + "name": "https://www.ibm.com/support/pages/node/1170334" + }, + { + "name": "ibm-qradar-cve20194508-info-disc (164429)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/164429", + "title": "X-Force Vulnerability Report" + } + ] }, "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", + "CVE_data_meta": { + "DATE_PUBLIC": "2020-01-09T00:00:00", + "STATE": "PUBLIC", + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4508" + }, "description": { "description_data": [ { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429.", + "lang": "eng" } ] + }, + "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "7.3.0" + }, + { + "version_value": "7.3.3" + } + ] + }, + "product_name": "QRadar SIEM" + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, + "impact": { + "cvssv3": { + "BM": { + "S": "U", + "I": "N", + "AC": "H", + "C": "H", + "A": "N", + "PR": "N", + "SCORE": "5.100", + "AV": "L", + "UI": "N" + }, + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + } + } } } \ No newline at end of file diff --git a/2019/4xxx/CVE-2019-4559.json b/2019/4xxx/CVE-2019-4559.json index 4171b65250b..5a2f54a5bcf 100644 --- a/2019/4xxx/CVE-2019-4559.json +++ b/2019/4xxx/CVE-2019-4559.json @@ -1,18 +1,93 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-4559", - "STATE": "RESERVED" + "impact": { + "cvssv3": { + "TM": { + "RC": "C", + "RL": "O", + "E": "U" + }, + "BM": { + "A": "N", + "C": "L", + "AC": "L", + "UI": "N", + "SCORE": "5.300", + "AV": "N", + "PR": "N", + "S": "U", + "I": "N" + } + } }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QRadar SIEM", + "version": { + "version_data": [ + { + "version_value": "7.3.0" + }, + { + "version_value": "7.3.3" + } + ] + } + } + ] + }, + "vendor_name": "IBM" + } + ] + } + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355." } ] - } + }, + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2019-4559", + "DATE_PUBLIC": "2020-01-09T00:00:00", + "STATE": "PUBLIC" + }, + "references": { + "reference_data": [ + { + "name": "https://www.ibm.com/support/pages/node/1170346", + "refsource": "CONFIRM", + "url": "https://www.ibm.com/support/pages/node/1170346", + "title": "IBM Security Bulletin 1170346 (QRadar SIEM)" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/166355", + "title": "X-Force Vulnerability Report", + "name": "ibm-qradar-cve20194559-info-disc (166355)", + "refsource": "XF" + } + ] + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Obtain Information" + } + ] + } + ] + }, + "data_type": "CVE" } \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5010.json b/2019/5xxx/CVE-2019-5010.json index a13886df1b7..33d5e1845cc 100644 --- a/2019/5xxx/CVE-2019-5010.json +++ b/2019/5xxx/CVE-2019-5010.json @@ -58,6 +58,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5051.json b/2019/5xxx/CVE-2019-5051.json index 56314162894..3e6652707bc 100644 --- a/2019/5xxx/CVE-2019-5051.json +++ b/2019/5xxx/CVE-2019-5051.json @@ -63,6 +63,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] }, diff --git a/2019/5xxx/CVE-2019-5052.json b/2019/5xxx/CVE-2019-5052.json index 7388559d65b..9a75fc79c61 100644 --- a/2019/5xxx/CVE-2019-5052.json +++ b/2019/5xxx/CVE-2019-5052.json @@ -78,6 +78,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2108", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00029.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] }, diff --git a/2019/5xxx/CVE-2019-5068.json b/2019/5xxx/CVE-2019-5068.json index 241d9b39d5d..9d1bc5ec2d1 100644 --- a/2019/5xxx/CVE-2019-5068.json +++ b/2019/5xxx/CVE-2019-5068.json @@ -53,6 +53,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191115 [SECURITY] [DLA 1993-1] mesa security update", "url": "https://lists.debian.org/debian-lts-announce/2019/11/msg00013.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0084", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00037.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5094.json b/2019/5xxx/CVE-2019-5094.json index 26704dec92f..e8f1a304057 100644 --- a/2019/5xxx/CVE-2019-5094.json +++ b/2019/5xxx/CVE-2019-5094.json @@ -73,6 +73,16 @@ "refsource": "UBUNTU", "name": "USN-4142-1", "url": "https://usn.ubuntu.com/4142-1/" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200115-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200115-0002/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a724cc7926", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/" } ] }, diff --git a/2019/5xxx/CVE-2019-5108.json b/2019/5xxx/CVE-2019-5108.json index a8e07979a16..7428a8744c9 100644 --- a/2019/5xxx/CVE-2019-5108.json +++ b/2019/5xxx/CVE-2019-5108.json @@ -48,6 +48,11 @@ "refsource": "MISC", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900" + }, + { + "refsource": "MISC", + "name": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e", + "url": "https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e" } ] }, diff --git a/2019/5xxx/CVE-2019-5124.json b/2019/5xxx/CVE-2019-5124.json index 2ff6d1ca14a..2a356f0607f 100644 --- a/2019/5xxx/CVE-2019-5124.json +++ b/2019/5xxx/CVE-2019-5124.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5124", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5124", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13001.50005) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.1.0 build-13591040) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0913", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0913" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.50005. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5126.json b/2019/5xxx/CVE-2019-5126.json index ba7bd8a317f..74e5cb0aeb4 100644 --- a/2019/5xxx/CVE-2019-5126.json +++ b/2019/5xxx/CVE-2019-5126.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5126", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5126", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0915", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0915" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5130.json b/2019/5xxx/CVE-2019-5130.json index 9fc397aea3a..9485cecfc67 100644 --- a/2019/5xxx/CVE-2019-5130.json +++ b/2019/5xxx/CVE-2019-5130.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5130", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5130", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0935", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0935" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5131.json b/2019/5xxx/CVE-2019-5131.json index a3d972a7aea..f39d2b6fc3d 100644 --- a/2019/5xxx/CVE-2019-5131.json +++ b/2019/5xxx/CVE-2019-5131.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5131", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5131", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0920", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0920" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5145.json b/2019/5xxx/CVE-2019-5145.json index 729250d66de..de7caf816ea 100644 --- a/2019/5xxx/CVE-2019-5145.json +++ b/2019/5xxx/CVE-2019-5145.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5145", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5145", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Foxit", + "version": { + "version_data": [ + { + "version_value": "Foxit Software Foxit PDF Reader 9.7.0.29435" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "use-after-free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0934", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0934" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } diff --git a/2019/5xxx/CVE-2019-5146.json b/2019/5xxx/CVE-2019-5146.json index 55f5f520a9c..7cf49758115 100644 --- a/2019/5xxx/CVE-2019-5146.json +++ b/2019/5xxx/CVE-2019-5146.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5146", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5146", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13025.10004) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0937", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0937" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13025.10004. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5147.json b/2019/5xxx/CVE-2019-5147.json index c17a50a5cb1..e82ea9dffcb 100644 --- a/2019/5xxx/CVE-2019-5147.json +++ b/2019/5xxx/CVE-2019-5147.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5147", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5147", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13003.1007) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "out of bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0936", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0936" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13003.1007. A specially crafted pixel shader can cause a denial of service. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5183.json b/2019/5xxx/CVE-2019-5183.json index 23dab81312e..79b7040a1dc 100644 --- a/2019/5xxx/CVE-2019-5183.json +++ b/2019/5xxx/CVE-2019-5183.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5183", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5183", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "AMD", + "version": { + "version_data": [ + { + "version_value": "AMD ATIDXX64.DLL (26.20.13031.10003, 26.20.13031.15006, 26.20.13031.18002) running on Radeon RX 550 / 550 Series VMware Workstation 15 (15.5.0 build-14665864) with Windows 10 x64 as guestVM" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "type confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable type confusion vulnerability exists in AMD ATIDXX64.DLL driver, versions 26.20.13031.10003, 26.20.13031.15006 and 26.20.13031.18002. A specially crafted pixel shader can cause a type confusion issue, leading to potential code execution. An attacker can provide a specially crafted shader file to trigger this vulnerability. This vulnerability can be triggered from VMware guest, affecting VMware host." } ] } diff --git a/2019/5xxx/CVE-2019-5188.json b/2019/5xxx/CVE-2019-5188.json index 80361dd80ff..d939affc31a 100644 --- a/2019/5xxx/CVE-2019-5188.json +++ b/2019/5xxx/CVE-2019-5188.json @@ -48,6 +48,16 @@ "refsource": "CONFIRM", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973", "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-a724cc7926", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4249-1", + "url": "https://usn.ubuntu.com/4249-1/" } ] }, diff --git a/2019/5xxx/CVE-2019-5462.json b/2019/5xxx/CVE-2019-5462.json index 802f958f1e0..60903924a44 100644 --- a/2019/5xxx/CVE-2019-5462.json +++ b/2019/5xxx/CVE-2019-5462.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5462", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5462", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab Community Edition and GitLab Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 9.0 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/495282", + "url": "https://hackerone.com/reports/495282" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58312", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/58312" + }, + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A privilege escalation issue was discovered in GitLab CE/EE 9.0 and later when trigger tokens are not rotated once ownership of them has changed." } ] } diff --git a/2019/5xxx/CVE-2019-5464.json b/2019/5xxx/CVE-2019-5464.json index 92071b74152..bbe6be41972 100644 --- a/2019/5xxx/CVE-2019-5464.json +++ b/2019/5xxx/CVE-2019-5464.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5464", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5464", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 10.2 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation (CWE-20)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/632101", + "url": "https://hackerone.com/reports/632101" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63959", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63959" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized." } ] } diff --git a/2019/5xxx/CVE-2019-5465.json b/2019/5xxx/CVE-2019-5465.json index 6f94aab82f4..264113dccd0 100644 --- a/2019/5xxx/CVE-2019-5465.json +++ b/2019/5xxx/CVE-2019-5465.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5465", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5465", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 8.14 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/584534", + "url": "https://hackerone.com/reports/584534" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/62070", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/62070" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was discovered in GitLab CE/EE 8.14 and later, by using the move issue feature which could result in disclosure of the newly created issue ID." } ] } diff --git a/2019/5xxx/CVE-2019-5466.json b/2019/5xxx/CVE-2019-5466.json index 9128cd41fd7..1d433790a12 100644 --- a/2019/5xxx/CVE-2019-5466.json +++ b/2019/5xxx/CVE-2019-5466.json @@ -1,17 +1,74 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5466", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5466", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GitLab CE/EE", + "version": { + "version_data": [ + { + "version_value": "Affects GitLab CE/EE 11.5 and later" + }, + { + "version_value": "Fixed in 12.1.2 in 12.0.4 and in 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR) (CWE-639)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/507113", + "url": "https://hackerone.com/reports/507113" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/59809" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names." } ] } diff --git a/2019/5xxx/CVE-2019-5468.json b/2019/5xxx/CVE-2019-5468.json index 0fe7e60aa35..1a8e17be1eb 100644 --- a/2019/5xxx/CVE-2019-5468.json +++ b/2019/5xxx/CVE-2019-5468.json @@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5468", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5468", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GiltLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation (CAPEC-233)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/493562", + "url": "https://hackerone.com/reports/493562" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57556", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/57556" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An privilege escalation issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 when Mattermost slash commands are used with a blocked account." } ] } diff --git a/2019/5xxx/CVE-2019-5470.json b/2019/5xxx/CVE-2019-5470.json index 9254c24aae7..1ff7f7a410b 100644 --- a/2019/5xxx/CVE-2019-5470.json +++ b/2019/5xxx/CVE-2019-5470.json @@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5470", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5470", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure (CWE-200)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/490250", + "url": "https://hackerone.com/reports/490250" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/9665", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/9665" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6 in the security dashboard which could result in disclosure of vulnerability feedback information." } ] } diff --git a/2019/5xxx/CVE-2019-5472.json b/2019/5xxx/CVE-2019-5472.json index af4c7311198..068e6d0bd31 100644 --- a/2019/5xxx/CVE-2019-5472.json +++ b/2019/5xxx/CVE-2019-5472.json @@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5472", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5472", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (CWE-400)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/538101", + "url": "https://hackerone.com/reports/538101" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11381", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11381" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization issue was discovered in Gitlab versions < 12.1.2, < 12.0.4, and < 11.11.6 that prevented owners and maintainer to delete epic comments." } ] } diff --git a/2019/5xxx/CVE-2019-5474.json b/2019/5xxx/CVE-2019-5474.json index 1b4fdb5d134..b2268f9e7bf 100644 --- a/2019/5xxx/CVE-2019-5474.json +++ b/2019/5xxx/CVE-2019-5474.json @@ -1,17 +1,77 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5474", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5474", + "ASSIGNER": "support@hackerone.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "GitLab", + "product": { + "product_data": [ + { + "product_name": "GitLab EE", + "version": { + "version_data": [ + { + "version_value": "before 12.1.2" + }, + { + "version_value": "before 12.0.4" + }, + { + "version_value": "before 11.11.6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control - Generic (CWE-284)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/", + "url": "https://about.gitlab.com/releases/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/" + }, + { + "refsource": "MISC", + "name": "https://hackerone.com/reports/544756", + "url": "https://hackerone.com/reports/544756" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11423", + "url": "https://gitlab.com/gitlab-org/gitlab-ee/issues/11423" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the merge request approval rules to be overridden without appropriate permissions." } ] } diff --git a/2019/5xxx/CVE-2019-5481.json b/2019/5xxx/CVE-2019-5481.json index 3776b537386..111fa9f03f0 100644 --- a/2019/5xxx/CVE-2019-5481.json +++ b/2019/5xxx/CVE-2019-5481.json @@ -78,6 +78,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5482.json b/2019/5xxx/CVE-2019-5482.json index aff1b72d2b6..ea2044226e8 100644 --- a/2019/5xxx/CVE-2019-5482.json +++ b/2019/5xxx/CVE-2019-5482.json @@ -78,6 +78,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20191004-0003/", "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5489.json b/2019/5xxx/CVE-2019-5489.json index 6f9f6768002..8ba04731c6e 100644 --- a/2019/5xxx/CVE-2019-5489.json +++ b/2019/5xxx/CVE-2019-5489.json @@ -196,6 +196,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:4255", "url": "https://access.redhat.com/errata/RHSA-2019:4255" + }, + { + "refsource": "CONFIRM", + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-pagecache-en" } ] } diff --git a/2019/5xxx/CVE-2019-5593.json b/2019/5xxx/CVE-2019-5593.json index 5acb8495851..c5099e7d480 100644 --- a/2019/5xxx/CVE-2019-5593.json +++ b/2019/5xxx/CVE-2019-5593.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5593", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5593", + "ASSIGNER": "psirt@fortinet.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiOS", + "version": { + "version_data": [ + { + "version_value": "FortiOS 6.2.0 to 6.2.1, 6.0.6 and below" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://fortiguard.com/psirt/FG-IR-19-134", + "url": "https://fortiguard.com/psirt/FG-IR-19-134" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper permission or value checking in the CLI console may allow a non-privileged user to obtain Fortinet FortiOS plaint text private keys of system's builtin local certificates via unsetting the keys encryption password in FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below or for user uploaded local certificates via setting an empty password in FortiOS 6.2.1, 6.2.0, 6.0.6 and below." } ] } diff --git a/2019/5xxx/CVE-2019-5647.json b/2019/5xxx/CVE-2019-5647.json index 1a89ae404c4..2fe876095f1 100644 --- a/2019/5xxx/CVE-2019-5647.json +++ b/2019/5xxx/CVE-2019-5647.json @@ -1,8 +1,35 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cve@rapid7.com", + "DATE_PUBLIC": "2019-08-20T14:00:00.000Z", "ID": "CVE-2019-5647", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Rapid7 AppSpider Chrome Plugin Insufficient Session Expiration" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AppSpider", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "3.8.213", + "version_value": "3.8.213" + } + ] + } + } + ] + }, + "vendor_name": "Rapid7" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +38,51 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-613 Insufficient Session Expiration" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://help.rapid7.com/appspiderenterprise/release-notes/?rid=3.8.215", + "refsource": "CONFIRM", + "url": "https://help.rapid7.com/appspiderenterprise/release-notes/?rid=3.8.215" + } + ] + }, + "source": { + "discovery": "USER" } } \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5703.json b/2019/5xxx/CVE-2019-5703.json index 4e43e01d09a..5091535fb93 100644 --- a/2019/5xxx/CVE-2019-5703.json +++ b/2019/5xxx/CVE-2019-5703.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5703", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5703", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5704.json b/2019/5xxx/CVE-2019-5704.json index cc372e1090d..a769fffa2f3 100644 --- a/2019/5xxx/CVE-2019-5704.json +++ b/2019/5xxx/CVE-2019-5704.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5704", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5704", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5705.json b/2019/5xxx/CVE-2019-5705.json index 9bdd0e3e13f..92479cec761 100644 --- a/2019/5xxx/CVE-2019-5705.json +++ b/2019/5xxx/CVE-2019-5705.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5705", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5705", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5706.json b/2019/5xxx/CVE-2019-5706.json index a2ec675df65..06fb2b04c80 100644 --- a/2019/5xxx/CVE-2019-5706.json +++ b/2019/5xxx/CVE-2019-5706.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5706", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5706", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5707.json b/2019/5xxx/CVE-2019-5707.json index b51c440d439..5a2b0414755 100644 --- a/2019/5xxx/CVE-2019-5707.json +++ b/2019/5xxx/CVE-2019-5707.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5707", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5707", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5708.json b/2019/5xxx/CVE-2019-5708.json index 1f31c9f33c3..a4a3cabcbaf 100644 --- a/2019/5xxx/CVE-2019-5708.json +++ b/2019/5xxx/CVE-2019-5708.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5708", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5708", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5709.json b/2019/5xxx/CVE-2019-5709.json index 4d0a9713f43..6536661abd2 100644 --- a/2019/5xxx/CVE-2019-5709.json +++ b/2019/5xxx/CVE-2019-5709.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5709", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5709", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5710.json b/2019/5xxx/CVE-2019-5710.json index b960cf0a9c7..29f80b26764 100644 --- a/2019/5xxx/CVE-2019-5710.json +++ b/2019/5xxx/CVE-2019-5710.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5710", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5710", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5711.json b/2019/5xxx/CVE-2019-5711.json index 213f4b627a1..301eaddb6e2 100644 --- a/2019/5xxx/CVE-2019-5711.json +++ b/2019/5xxx/CVE-2019-5711.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5711", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5711", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5712.json b/2019/5xxx/CVE-2019-5712.json index 1d4e1163d30..574cf898ea0 100644 --- a/2019/5xxx/CVE-2019-5712.json +++ b/2019/5xxx/CVE-2019-5712.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5712", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5712", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5713.json b/2019/5xxx/CVE-2019-5713.json index 2efa9bb9fc3..021b8659f61 100644 --- a/2019/5xxx/CVE-2019-5713.json +++ b/2019/5xxx/CVE-2019-5713.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5713", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5713", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5714.json b/2019/5xxx/CVE-2019-5714.json index 1cca0c4267b..e0972595895 100644 --- a/2019/5xxx/CVE-2019-5714.json +++ b/2019/5xxx/CVE-2019-5714.json @@ -1,17 +1,17 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5714", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5714", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2019. Notes: none." } ] } diff --git a/2019/5xxx/CVE-2019-5718.json b/2019/5xxx/CVE-2019-5718.json index d5ba943ea30..b82ba7dca72 100644 --- a/2019/5xxx/CVE-2019-5718.json +++ b/2019/5xxx/CVE-2019-5718.json @@ -81,6 +81,11 @@ "refsource": "BUGTRAQ", "name": "20190324 [SECURITY] [DSA 4416-1] wireshark security update", "url": "https://seclists.org/bugtraq/2019/Mar/35" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/5xxx/CVE-2019-5844.json b/2019/5xxx/CVE-2019-5844.json index d7a7bb3b33a..79b0b01cfbd 100644 --- a/2019/5xxx/CVE-2019-5844.json +++ b/2019/5xxx/CVE-2019-5844.json @@ -59,6 +59,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0004", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0006", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0009", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5845.json b/2019/5xxx/CVE-2019-5845.json index f6911af9e0c..0c6e115bc21 100644 --- a/2019/5xxx/CVE-2019-5845.json +++ b/2019/5xxx/CVE-2019-5845.json @@ -59,6 +59,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0004", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0006", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0009", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] }, diff --git a/2019/5xxx/CVE-2019-5846.json b/2019/5xxx/CVE-2019-5846.json index 7ce2ae03b5c..54a503bc336 100644 --- a/2019/5xxx/CVE-2019-5846.json +++ b/2019/5xxx/CVE-2019-5846.json @@ -59,6 +59,21 @@ "refsource": "SUSE", "name": "openSUSE-SU-2020:0004", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00002.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0006", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0009", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" } ] }, diff --git a/2019/6xxx/CVE-2019-6036.json b/2019/6xxx/CVE-2019-6036.json index 283f36a974d..8a368ff83e3 100644 --- a/2019/6xxx/CVE-2019-6036.json +++ b/2019/6xxx/CVE-2019-6036.json @@ -1,17 +1,66 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6036", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://f-revocrm.jp/2019/12/9393", + "refsource": "MISC", + "name": "https://f-revocrm.jp/2019/12/9393" + }, + { + "url": "http://jvn.jp/en/jp/JVN97325754/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN97325754/index.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 patch6 (version 6 series) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "6.0 to F-RevoCRM 6.5 patch6 (version 6 series)" + } + ] + }, + "product_name": "F-RevoCRM" + } + ] + }, + "vendor_name": "ThinkingReed inc." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2019-6036", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site scripting" + } + ] } ] } diff --git a/2019/6xxx/CVE-2019-6146.json b/2019/6xxx/CVE-2019-6146.json index 62f1bdc14fa..d409d27223f 100644 --- a/2019/6xxx/CVE-2019-6146.json +++ b/2019/6xxx/CVE-2019-6146.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6146", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6146", + "ASSIGNER": "psirt@forcepoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Forcepoint Web Security", + "version": { + "version_data": [ + { + "version_value": "8.5, 8.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://support.forcepoint.com/KBArticle?id=000017702", + "url": "https://support.forcepoint.com/KBArticle?id=000017702" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)" } ] } diff --git a/2019/6xxx/CVE-2019-6205.json b/2019/6xxx/CVE-2019-6205.json index a5052cc006b..612a2370b29 100644 --- a/2019/6xxx/CVE-2019-6205.json +++ b/2019/6xxx/CVE-2019-6205.json @@ -99,6 +99,11 @@ "name": "https://support.apple.com/HT209447", "refsource": "CONFIRM", "url": "https://support.apple.com/HT209447" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156051/XNU-vm_map_copy-Insufficient-Fix.html", + "url": "http://packetstormsecurity.com/files/156051/XNU-vm_map_copy-Insufficient-Fix.html" } ] } diff --git a/2019/6xxx/CVE-2019-6567.json b/2019/6xxx/CVE-2019-6567.json index 612fb08a78b..797cb2116c7 100644 --- a/2019/6xxx/CVE-2019-6567.json +++ b/2019/6xxx/CVE-2019-6567.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -15,7 +15,7 @@ "product": { "product_data": [ { - "product_name": "SCALANCE X-200", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -25,7 +25,7 @@ } }, { - "product_name": "SCALANCE X-200IRT", + "product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -35,11 +35,11 @@ } }, { - "product_name": "SCALANCE X-300", + "product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V4.1.3" } ] } @@ -72,6 +72,14 @@ } ] }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All Versions < V5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, "references": { "reference_data": [ { @@ -80,13 +88,5 @@ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-646841.pdf" } ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SCALANCE X-200 (All Versions < V5.2.4), SCALANCE X-200IRT (All versions), SCALANCE X-300 (All versions), SCALANCE X-414-3E (All versions). The affected devices store passwords in a recoverable format. An attacker may extract and recover device passwords from the device configuration. Successful exploitation requires access to a device configuration backup and impacts confidentiality of the stored passwords. At the time of advisory publication no public exploitation of this security vulnerability was known." - } - ] } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6568.json b/2019/6xxx/CVE-2019-6568.json index 2686acc3d05..4e07e84dbea 100644 --- a/2019/6xxx/CVE-2019-6568.json +++ b/2019/6xxx/CVE-2019-6568.json @@ -35,7 +35,7 @@ } }, { - "product_name": "SIMATIC CP343-1 Advanced", + "product_name": "CP343-1 Advanced (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -45,7 +45,7 @@ } }, { - "product_name": "SIMATIC CP443-1", + "product_name": "CP443-1 (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -55,7 +55,7 @@ } }, { - "product_name": "SIMATIC CP443-1 Advanced", + "product_name": "CP443-1 Advanced (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -65,7 +65,7 @@ } }, { - "product_name": "SIMATIC CP443-1 OPC UA", + "product_name": "CP443-1 OPC UA (incl. SIPLUS NET variants)", "version": { "version_data": [ { @@ -75,7 +75,7 @@ } }, { - "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC", + "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -85,7 +85,7 @@ } }, { - "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC2", + "product_name": "SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -95,31 +95,31 @@ } }, { - "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\"", + "product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } }, { - "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\"", + "product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } }, { - "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F", + "product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } @@ -195,7 +195,7 @@ } }, { - "product_name": "SIMATIC S7-1500 CPU family", + "product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -215,7 +215,7 @@ } }, { - "product_name": "SIMATIC S7-300 CPU family", + "product_name": "SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants)", "version": { "version_data": [ { @@ -225,7 +225,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN (incl. F) V6 and below", + "product_name": "SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -235,7 +235,7 @@ } }, { - "product_name": "SIMATIC S7-400 PN/DP V7 (incl. F)", + "product_name": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -299,13 +299,13 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V15.1 Upd 4" } ] } }, { - "product_name": "SIMOCODE pro V EIP", + "product_name": "SIMOCODE pro V EIP (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -315,7 +315,7 @@ } }, { - "product_name": "SIMOCODE pro V PN", + "product_name": "SIMOCODE pro V PN (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -325,7 +325,7 @@ } }, { - "product_name": "SINAMICS G130 V4.6 (Control Unit)", + "product_name": "SINAMICS G130 V4.6 Control Unit", "version": { "version_data": [ { @@ -335,7 +335,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 Control Unit", "version": { "version_data": [ { @@ -345,7 +345,7 @@ } }, { - "product_name": "SINAMICS G130 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS G130 V4.7 SP1 Control Unit", "version": { "version_data": [ { @@ -355,7 +355,7 @@ } }, { - "product_name": "SINAMICS G130 V4.8 (Control Unit)", + "product_name": "SINAMICS G130 V4.8 Control Unit", "version": { "version_data": [ { @@ -365,7 +365,7 @@ } }, { - "product_name": "SINAMICS G130 V5.1 (Control Unit)", + "product_name": "SINAMICS G130 V5.1 Control Unit", "version": { "version_data": [ { @@ -375,7 +375,7 @@ } }, { - "product_name": "SINAMICS G130 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS G130 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -385,7 +385,7 @@ } }, { - "product_name": "SINAMICS G150 V4.6 (Control Unit)", + "product_name": "SINAMICS G150 V4.6 Control Unit", "version": { "version_data": [ { @@ -395,7 +395,7 @@ } }, { - "product_name": "SINAMICS G150 V4.7 (Control Unit)", + "product_name": "SINAMICS G150 V4.7 Control Unit", "version": { "version_data": [ { @@ -405,7 +405,7 @@ } }, { - "product_name": "SINAMICS G150 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS G150 V4.7 SP1 Control Unit", "version": { "version_data": [ { @@ -415,7 +415,7 @@ } }, { - "product_name": "SINAMICS G150 V4.8 (Control Unit)", + "product_name": "SINAMICS G150 V4.8 Control Unit", "version": { "version_data": [ { @@ -425,7 +425,7 @@ } }, { - "product_name": "SINAMICS G150 V5.1 (Control Unit)", + "product_name": "SINAMICS G150 V5.1 Control Unit", "version": { "version_data": [ { @@ -435,7 +435,7 @@ } }, { - "product_name": "SINAMICS G150 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS G150 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -505,7 +505,7 @@ } }, { - "product_name": "SINAMICS S120 V4.6 (Control Unit)", + "product_name": "SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -515,7 +515,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 (Control Unit)", + "product_name": "SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -525,7 +525,7 @@ } }, { - "product_name": "SINAMICS S120 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -535,7 +535,7 @@ } }, { - "product_name": "SINAMICS S120 V4.8 (Control Unit)", + "product_name": "SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -545,7 +545,7 @@ } }, { - "product_name": "SINAMICS S120 V5.1 (Control Unit)", + "product_name": "SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -555,7 +555,7 @@ } }, { - "product_name": "SINAMICS S120 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -565,7 +565,7 @@ } }, { - "product_name": "SINAMICS S150 V4.6 (Control Unit)", + "product_name": "SINAMICS S150 V4.6 Control Unit", "version": { "version_data": [ { @@ -575,7 +575,7 @@ } }, { - "product_name": "SINAMICS S150 V4.7 (Control Unit)", + "product_name": "SINAMICS S150 V4.7 Control Unit", "version": { "version_data": [ { @@ -585,7 +585,7 @@ } }, { - "product_name": "SINAMICS S150 V4.7 SP1 (Control Unit)", + "product_name": "SINAMICS S150 V4.7 SP1 Control Unit", "version": { "version_data": [ { @@ -595,7 +595,7 @@ } }, { - "product_name": "SINAMICS S150 V4.8 (Control Unit)", + "product_name": "SINAMICS S150 V4.8 Control Unit", "version": { "version_data": [ { @@ -605,7 +605,7 @@ } }, { - "product_name": "SINAMICS S150 V5.1 (Control Unit)", + "product_name": "SINAMICS S150 V5.1 Control Unit", "version": { "version_data": [ { @@ -615,7 +615,7 @@ } }, { - "product_name": "SINAMICS S150 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS S150 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -625,7 +625,7 @@ } }, { - "product_name": "SINAMICS S210 V5.1 (Control Unit)", + "product_name": "SINAMICS S210 V5.1 Control Unit", "version": { "version_data": [ { @@ -635,7 +635,7 @@ } }, { - "product_name": "SINAMICS S210 V5.1 SP1 (Control Unit)", + "product_name": "SINAMICS S210 V5.1 SP1 Control Unit", "version": { "version_data": [ { @@ -699,7 +699,7 @@ "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V1.1" } ] } @@ -715,17 +715,17 @@ } }, { - "product_name": "SITOP UPS1600", + "product_name": "SITOP UPS1600 (incl. SIPLUS variants)", "version": { "version_data": [ { - "version_value": "All versions" + "version_value": "All versions < V2.3" } ] } }, { - "product_name": "TIM 1531 IRC", + "product_name": "TIM 1531 IRC (incl. SIPLUS variants)", "version": { "version_data": [ { @@ -756,7 +756,7 @@ "description_data": [ { "lang": "eng", - "value": "A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." + "value": "A vulnerability has been identified in CP1604, CP1616, CP343-1 Advanced (incl. SIPLUS NET variants), CP443-1 (incl. SIPLUS NET variants), CP443-1 Advanced (incl. SIPLUS NET variants), CP443-1 OPC UA (incl. SIPLUS NET variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200 SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (incl. SIPLUS variants), SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS variants). The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known." } ] }, diff --git a/2019/6xxx/CVE-2019-6569.json b/2019/6xxx/CVE-2019-6569.json index 626759187b6..3395acf9832 100644 --- a/2019/6xxx/CVE-2019-6569.json +++ b/2019/6xxx/CVE-2019-6569.json @@ -5,8 +5,8 @@ "STATE": "PUBLIC" }, "data_format": "MITRE", - "data_type": "CVE", "data_version": "4.0", + "data_type": "CVE", "affects": { "vendor": { "vendor_data": [ @@ -15,31 +15,31 @@ "product": { "product_data": [ { - "product_name": "Scalance X-200", + "product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)", "version": { "version_data": [ { - "version_value": "All versions = V7.1), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, "references": { "reference_data": [ { @@ -210,13 +218,5 @@ "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf" } ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability has been identified in SIMATIC CP443-1 OPC UA (All versions), SIMATIC ET 200 Open Controller CPU 1515SP PC2 (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F (All versions), SIMATIC IPC DiagMonitor (All versions), SIMATIC NET PC Software (All versions >= V7.1), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R (All versions < V3.2.1), SIMATIC S7-1500 CPU family (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15-P018), SIMATIC WinCC Runtime Advanced (All versions), SINEC-NMS (All versions), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication. At the time of advisory publication no public exploitation of this security vulnerability was known." - } - ] } } \ No newline at end of file diff --git a/2019/6xxx/CVE-2019-6695.json b/2019/6xxx/CVE-2019-6695.json index 45e9d53892d..9e5cc15c8b8 100644 --- a/2019/6xxx/CVE-2019-6695.json +++ b/2019/6xxx/CVE-2019-6695.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods." + "value": "Lack of root file system integrity checking in Fortinet FortiManager VM application images of 6.2.0, 6.0.6 and below may allow an attacker to implant third-party programs by recreating the image through specific methods." } ] } diff --git a/2019/6xxx/CVE-2019-6856.json b/2019/6xxx/CVE-2019-6856.json index 3d58c56169e..627ddb2e266 100644 --- a/2019/6xxx/CVE-2019-6856.json +++ b/2019/6xxx/CVE-2019-6856.json @@ -57,6 +57,11 @@ "refsource": "CONFIRM", "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01" } ] }, diff --git a/2019/6xxx/CVE-2019-6857.json b/2019/6xxx/CVE-2019-6857.json index f6242f63cdb..e9c97f82ab8 100644 --- a/2019/6xxx/CVE-2019-6857.json +++ b/2019/6xxx/CVE-2019-6857.json @@ -57,6 +57,11 @@ "refsource": "CONFIRM", "name": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01", "url": "https://www.se.com/ww/en/download/document/SEVD-2019-344-01" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-016-01" } ] }, diff --git a/2019/6xxx/CVE-2019-6858.json b/2019/6xxx/CVE-2019-6858.json index 4798289f4d6..8b088f54077 100644 --- a/2019/6xxx/CVE-2019-6858.json +++ b/2019/6xxx/CVE-2019-6858.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-6858", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-6858", + "ASSIGNER": "cybersecurity@schneider-electric.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "MSX Configurator (Software Version prior to V1.0.8.1)", + "version": { + "version_data": [ + { + "version_value": "MSX Configurator (Software Version prior to V1.0.8.1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-427:Uncontrolled Search Path Element" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.se.com/ww/en/download/document/SEVD-2020-014-01", + "url": "https://www.se.com/ww/en/download/document/SEVD-2020-014-01" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A CWE-427:Uncontrolled Search Path Element vulnerability exists in MSX Configurator (Software Version prior to V1.0.8.1), which could cause privilege escalation when injecting a malicious DLL." } ] } diff --git a/2019/6xxx/CVE-2019-6974.json b/2019/6xxx/CVE-2019-6974.json index 6b0e4db84d1..1e0916ad5f2 100644 --- a/2019/6xxx/CVE-2019-6974.json +++ b/2019/6xxx/CVE-2019-6974.json @@ -186,6 +186,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3967", "url": "https://access.redhat.com/errata/RHSA-2019:3967" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0103", + "url": "https://access.redhat.com/errata/RHSA-2020:0103" } ] } diff --git a/2019/7xxx/CVE-2019-7131.json b/2019/7xxx/CVE-2019-7131.json index 7832356b98c..1f7301a7674 100644 --- a/2019/7xxx/CVE-2019-7131.json +++ b/2019/7xxx/CVE-2019-7131.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-7131", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010.20064 and earlier, 2017.011.30110 and earlier version, and 2015.006.30461 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2019.010.20064\u00a0and earlier, 2019.010.20064\u00a0and earlier, 2017.011.30110\u00a0and earlier version, and 2015.006.30461\u00a0and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-02.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-7131", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/7xxx/CVE-2019-7317.json b/2019/7xxx/CVE-2019-7317.json index 9a61650e87a..649aca1e1e8 100644 --- a/2019/7xxx/CVE-2019-7317.json +++ b/2019/7xxx/CVE-2019-7317.json @@ -246,6 +246,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:2737", "url": "https://access.redhat.com/errata/RHSA-2019:2737" + }, + { + "refsource": "CONFIRM", + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03977en_us" } ] } diff --git a/2019/7xxx/CVE-2019-7635.json b/2019/7xxx/CVE-2019-7635.json index a7a8408ed4a..5ea14ec32ae 100644 --- a/2019/7xxx/CVE-2019-7635.json +++ b/2019/7xxx/CVE-2019-7635.json @@ -136,6 +136,11 @@ "refsource": "MLIST", "name": "[debian-lts-announce] 20191017 [SECURITY] [DLA 1713-2] libsdl1.2 regression update", "url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00020.html" + }, + { + "refsource": "UBUNTU", + "name": "USN-4238-1", + "url": "https://usn.ubuntu.com/4238-1/" } ] } diff --git a/2019/8xxx/CVE-2019-8257.json b/2019/8xxx/CVE-2019-8257.json index b79eb5697b7..3565b55b061 100644 --- a/2019/8xxx/CVE-2019-8257.json +++ b/2019/8xxx/CVE-2019-8257.json @@ -1,18 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8257", - "STATE": "RESERVED" - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution ." } ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": ", 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142\u202fand earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier versions" + } + ] + }, + "product_name": "Adobe Acrobat and Reader" + } + ] + }, + "vendor_name": "Adobe" + } + ] + } + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free\u202f\u202f\u202f" + } + ] + } + ] + }, + "data_version": "4.0", + "references": { + "reference_data": [ + { + "url": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html", + "refsource": "CONFIRM", + "name": "https://helpx.adobe.com/security/products/acrobat/apsb19-41.html" + } + ] + }, + "CVE_data_meta": { + "STATE": "PUBLIC", + "ID": "CVE-2019-8257", + "ASSIGNER": "psirt@adobe.com" } } \ No newline at end of file diff --git a/2019/8xxx/CVE-2019-8457.json b/2019/8xxx/CVE-2019-8457.json index 27b0811d66a..8fc078c3119 100644 --- a/2019/8xxx/CVE-2019-8457.json +++ b/2019/8xxx/CVE-2019-8457.json @@ -98,6 +98,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] }, diff --git a/2019/8xxx/CVE-2019-8912.json b/2019/8xxx/CVE-2019-8912.json index b9f9ccddb63..edf65efdba5 100644 --- a/2019/8xxx/CVE-2019-8912.json +++ b/2019/8xxx/CVE-2019-8912.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:1193", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00052.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0174", + "url": "https://access.redhat.com/errata/RHSA-2020:0174" } ] } diff --git a/2019/8xxx/CVE-2019-8945.json b/2019/8xxx/CVE-2019-8945.json index 65f85259783..8b1cdb064f4 100644 --- a/2019/8xxx/CVE-2019-8945.json +++ b/2019/8xxx/CVE-2019-8945.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8945", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124" } ] } diff --git a/2019/8xxx/CVE-2019-8946.json b/2019/8xxx/CVE-2019-8946.json index d12a3131725..e4f1eca34a6 100644 --- a/2019/8xxx/CVE-2019-8946.json +++ b/2019/8xxx/CVE-2019-8946.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8946", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124" } ] } diff --git a/2019/8xxx/CVE-2019-8947.json b/2019/8xxx/CVE-2019-8947.json index d0ab96c0c74..f7e69a7dfb9 100644 --- a/2019/8xxx/CVE-2019-8947.json +++ b/2019/8xxx/CVE-2019-8947.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8947", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "refsource": "MISC", + "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109122" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109123" + }, + { + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124", + "refsource": "MISC", + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=109124" } ] } diff --git a/2019/9xxx/CVE-2019-9208.json b/2019/9xxx/CVE-2019-9208.json index 55e7300edcb..cabb410dc41 100644 --- a/2019/9xxx/CVE-2019-9208.json +++ b/2019/9xxx/CVE-2019-9208.json @@ -96,6 +96,11 @@ "refsource": "UBUNTU", "name": "USN-3986-1", "url": "https://usn.ubuntu.com/3986-1/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9213.json b/2019/9xxx/CVE-2019-9213.json index d4d2095c96a..2629628b366 100644 --- a/2019/9xxx/CVE-2019-9213.json +++ b/2019/9xxx/CVE-2019-9213.json @@ -176,6 +176,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:1480", "url": "https://access.redhat.com/errata/RHSA-2019:1480" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html" } ] } diff --git a/2019/9xxx/CVE-2019-9232.json b/2019/9xxx/CVE-2019-9232.json index 1352be6f0d2..19c7e56a602 100644 --- a/2019/9xxx/CVE-2019-9232.json +++ b/2019/9xxx/CVE-2019-9232.json @@ -83,6 +83,21 @@ "refsource": "DEBIAN", "name": "DSA-4578", "url": "https://www.debian.org/security/2019/dsa-4578" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-65eac1b48b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9325.json b/2019/9xxx/CVE-2019-9325.json index 2a21abdf53c..757e4a1cb09 100644 --- a/2019/9xxx/CVE-2019-9325.json +++ b/2019/9xxx/CVE-2019-9325.json @@ -78,6 +78,21 @@ "refsource": "DEBIAN", "name": "DSA-4578", "url": "https://www.debian.org/security/2019/dsa-4578" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-65eac1b48b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9371.json b/2019/9xxx/CVE-2019-9371.json index 3d12d795fd3..1ef290ae958 100644 --- a/2019/9xxx/CVE-2019-9371.json +++ b/2019/9xxx/CVE-2019-9371.json @@ -78,6 +78,21 @@ "refsource": "DEBIAN", "name": "DSA-4578", "url": "https://www.debian.org/security/2019/dsa-4578" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-65eac1b48b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9433.json b/2019/9xxx/CVE-2019-9433.json index f0f64c68ec5..4d4d378cd9e 100644 --- a/2019/9xxx/CVE-2019-9433.json +++ b/2019/9xxx/CVE-2019-9433.json @@ -83,6 +83,21 @@ "refsource": "DEBIAN", "name": "DSA-4578", "url": "https://www.debian.org/security/2019/dsa-4578" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-65eac1b48b", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6/" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-6cd410d9e4", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0105", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html" } ] }, diff --git a/2019/9xxx/CVE-2019-9493.json b/2019/9xxx/CVE-2019-9493.json index 85b1d645c1b..bc0a3e753fc 100644 --- a/2019/9xxx/CVE-2019-9493.json +++ b/2019/9xxx/CVE-2019-9493.json @@ -1,8 +1,40 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2019-04-08T00:00:00.000Z", "ID": "CVE-2019-9493", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "MyCar Controls uses hard-coded credentials" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MyCar Controls", + "version": { + "version_data": [ + { + "platform": "iOS", + "version_affected": "<", + "version_value": "3.4.24" + }, + { + "platform": "Android", + "version_affected": "<", + "version_value": "4.1.2" + } + ] + } + } + ] + }, + "vendor_name": "AutoMobility Distribution Inc." + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +43,72 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#174715", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/174715/" + }, + { + "name": "https://www.securityfocus.com/bid/107827", + "refsource": "BID", + "url": "https://www.securityfocus.com/bid/107827" + }, + { + "name": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control", + "refsource": "MISC", + "url": "https://play.google.com/store/apps/details?id=app.com.automobility.mycar.control" + }, + { + "name": "https://mycarcontrols.com/", + "refsource": "MISC", + "url": "https://mycarcontrols.com/" + }, + { + "name": "https://itunes.apple.com/us/app/mycar-controls/id1126511815", + "refsource": "MISC", + "url": "https://itunes.apple.com/us/app/mycar-controls/id1126511815" + } + ] + }, + "source": { + "advisory": "VU#174715", + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9500.json b/2019/9xxx/CVE-2019-9500.json index 95d39b49410..06915d9c3ad 100644 --- a/2019/9xxx/CVE-2019-9500.json +++ b/2019/9xxx/CVE-2019-9500.json @@ -1,8 +1,32 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9500", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Broadcom brcmfmac driver is vulnerable to a heap buffer overflow" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "brcmfmac WiFi driver", + "version": { + "version_data": [ + { + "version_value": "commit prior to 1b5e2423164b3670e8bc9174e4762d297990deff" + } + ] + } + } + ] + }, + "vendor_name": "Broadcom" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +35,68 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122 Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html", + "name": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html" + }, + { + "refsource": "MISC", + "url": "https://kb.cert.org/vuls/id/166939/", + "name": "https://kb.cert.org/vuls/id/166939/" + }, + { + "refsource": "MISC", + "url": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff", + "name": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "https://git.kernel.org/linus/1b5e2423164b3670e8bc9174e4762d297990deff" + } + ], + "source": { + "advisory": "VU#166939", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9503.json b/2019/9xxx/CVE-2019-9503.json index 5fa90749353..3dd76f83a23 100644 --- a/2019/9xxx/CVE-2019-9503.json +++ b/2019/9xxx/CVE-2019-9503.json @@ -1,8 +1,32 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", "ID": "CVE-2019-9503", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Broadcom brcmfmac driver is vulnerable to a frame validation bypass" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "brcmfmac WiFi driver", + "version": { + "version_data": [ + { + "version_value": "commit prior to a4176ec356c73a46c07c181c6d04039fafa34a9f" + } + ] + } + } + ] + }, + "vendor_name": "Broadcom" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +35,68 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.9, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html", + "name": "https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html" + }, + { + "refsource": "MISC", + "url": "https://kb.cert.org/vuls/id/166939/", + "name": "https://kb.cert.org/vuls/id/166939/" + }, + { + "refsource": "MISC", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a4176ec356c73a46c07c181c6d04039fafa34a9f" + } + ], + "source": { + "advisory": "VU#166939", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9510.json b/2019/9xxx/CVE-2019-9510.json old mode 100644 new mode 100755 index 56ee59a62d0..f47282eefe3 --- a/2019/9xxx/CVE-2019-9510.json +++ b/2019/9xxx/CVE-2019-9510.json @@ -1,9 +1,54 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "cert@cert.org", + "DATE_PUBLIC": "2019-06-04T00:00:00.000Z", "ID": "CVE-2019-9510", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Microsoft Windows RDP can bypass the Windows lock screen" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 or newer system using RDP", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "10 ", + "version_value": "1803" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_affected": ">=", + "version_name": "2019", + "version_value": "2019" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Thanks to Joe Tammariello of the SEI for reporting this vulnerability." + } + ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", @@ -11,8 +56,73 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 and later systems can allow authenticated RDP-connected clients to gain access to user sessions without needing to interact with the Windows lock screen. Should a network anomaly trigger a temporary RDP disconnect, Automatic Reconnection of the RDP session will be restored to an unlocked state, regardless of how the remote system was left. By interrupting network connectivity of a system, an attacker with access to a system being used as a Windows RDP client can gain access to a connected remote system, regardless of whether or not the remote system was locked. This issue affects Microsoft Windows 10, version 1803 and later, and Microsoft Windows Server 2019, version 2019 and later." } ] - } + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-288" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#576688", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/576688/" + }, + { + "name": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)", + "refsource": "MISC", + "url": "https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732713(v=ws.11)" + }, + { + "name":"https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389", + "refsource": "MISC", + "url": "https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rdpbcgr/e729948a-3f4e-4568-9aef-d355e30b5389" + }, + { + "name": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect", + "refsource": "MISC", + "url": "https://social.technet.microsoft.com/Forums/windowsserver/en-US/1fd171de-a1b5-4721-86bf-082e4a375049/rds-2019-but-probably-other-versions-as-well-locked-rdp-session-logs-in-after-session-reconnect" + } + ] + }, + "source": { + "advisory": "VU#576688", + "discovery": "UNKNOWN" + }, + "work_around": [ + { + "lang": "eng", + "value": "Disable RDP automatic reconnection on RDP servers. Disconnect RDP sessions instead of locking them." + } + ] } \ No newline at end of file diff --git a/2019/9xxx/CVE-2019-9636.json b/2019/9xxx/CVE-2019-9636.json index ab524500cac..61c352b3f52 100644 --- a/2019/9xxx/CVE-2019-9636.json +++ b/2019/9xxx/CVE-2019-9636.json @@ -281,6 +281,16 @@ "refsource": "FEDORA", "name": "FEDORA-2019-57462fa10d", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4X3HW5JRZ7GCPSR7UHJOLD7AWLTQCDVR/" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2019/9xxx/CVE-2019-9770.json b/2019/9xxx/CVE-2019-9770.json index 2ef3dfbe018..f00be15e3d3 100644 --- a/2019/9xxx/CVE-2019-9770.json +++ b/2019/9xxx/CVE-2019-9770.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9771.json b/2019/9xxx/CVE-2019-9771.json index 83d115228be..13a2cc16f99 100644 --- a/2019/9xxx/CVE-2019-9771.json +++ b/2019/9xxx/CVE-2019-9771.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9772.json b/2019/9xxx/CVE-2019-9772.json index d149d7b1b9e..0a99969bae8 100644 --- a/2019/9xxx/CVE-2019-9772.json +++ b/2019/9xxx/CVE-2019-9772.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9773.json b/2019/9xxx/CVE-2019-9773.json index b6e23fabc95..5ce9be47c83 100644 --- a/2019/9xxx/CVE-2019-9773.json +++ b/2019/9xxx/CVE-2019-9773.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9774.json b/2019/9xxx/CVE-2019-9774.json index 36b21a55c4b..6f8ba44ce1f 100644 --- a/2019/9xxx/CVE-2019-9774.json +++ b/2019/9xxx/CVE-2019-9774.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9775.json b/2019/9xxx/CVE-2019-9775.json index 2cf68967d0c..abcdcebfcec 100644 --- a/2019/9xxx/CVE-2019-9775.json +++ b/2019/9xxx/CVE-2019-9775.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9776.json b/2019/9xxx/CVE-2019-9776.json index 2e1cbfe97e3..8aa07ecc7f0 100644 --- a/2019/9xxx/CVE-2019-9776.json +++ b/2019/9xxx/CVE-2019-9776.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9777.json b/2019/9xxx/CVE-2019-9777.json index 2141fc4a5e9..6e9eabf7965 100644 --- a/2019/9xxx/CVE-2019-9777.json +++ b/2019/9xxx/CVE-2019-9777.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9778.json b/2019/9xxx/CVE-2019-9778.json index dbbe7dba11d..1d925acc435 100644 --- a/2019/9xxx/CVE-2019-9778.json +++ b/2019/9xxx/CVE-2019-9778.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9779.json b/2019/9xxx/CVE-2019-9779.json index a34f682d59c..a73dc51d675 100644 --- a/2019/9xxx/CVE-2019-9779.json +++ b/2019/9xxx/CVE-2019-9779.json @@ -66,6 +66,16 @@ "refsource": "BID", "name": "107447", "url": "http://www.securityfocus.com/bid/107447" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0068", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00033.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0095", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00045.html" } ] } diff --git a/2019/9xxx/CVE-2019-9936.json b/2019/9xxx/CVE-2019-9936.json index 5c876dade83..e7d595c6223 100644 --- a/2019/9xxx/CVE-2019-9936.json +++ b/2019/9xxx/CVE-2019-9936.json @@ -106,6 +106,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9937.json b/2019/9xxx/CVE-2019-9937.json index 002d20d3927..bed8956f000 100644 --- a/2019/9xxx/CVE-2019-9937.json +++ b/2019/9xxx/CVE-2019-9937.json @@ -106,6 +106,11 @@ "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2019/9xxx/CVE-2019-9947.json b/2019/9xxx/CVE-2019-9947.json index 17f97ff2536..84b1296156f 100644 --- a/2019/9xxx/CVE-2019-9947.json +++ b/2019/9xxx/CVE-2019-9947.json @@ -131,6 +131,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3725", "url": "https://access.redhat.com/errata/RHSA-2019:3725" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0086", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html" } ] } diff --git a/2020/0xxx/CVE-2020-0009.json b/2020/0xxx/CVE-2020-0009.json index a88a03a21d9..1d167870520 100644 --- a/2020/0xxx/CVE-2020-0009.json +++ b/2020/0xxx/CVE-2020-0009.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://source.android.com/security/bulletin/2020-01-11", "url": "https://source.android.com/security/bulletin/2020-01-11" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.html", + "url": "http://packetstormsecurity.com/files/155903/Android-ashmem-Read-Only-Bypasses.html" } ] }, diff --git a/2020/0xxx/CVE-2020-0548.json b/2020/0xxx/CVE-2020-0548.json new file mode 100644 index 00000000000..a27d03e5d84 --- /dev/null +++ b/2020/0xxx/CVE-2020-0548.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0548", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0549.json b/2020/0xxx/CVE-2020-0549.json new file mode 100644 index 00000000000..3ddba2166cf --- /dev/null +++ b/2020/0xxx/CVE-2020-0549.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-0549", + "ASSIGNER": "secure@intel.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Intel", + "product": { + "product_data": [ + { + "product_name": "Intel(R) Processors", + "version": { + "version_data": [ + { + "version_value": "see references" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html", + "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access." + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0601.json b/2020/0xxx/CVE-2020-0601.json new file mode 100644 index 00000000000..c52f93eee2b --- /dev/null +++ b/2020/0xxx/CVE-2020-0601.json @@ -0,0 +1,210 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0601", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html", + "url": "http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0602.json b/2020/0xxx/CVE-2020-0602.json new file mode 100644 index 00000000000..5d7578b8eeb --- /dev/null +++ b/2020/0xxx/CVE-2020-0602.json @@ -0,0 +1,78 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "2.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0130", + "url": "https://access.redhat.com/errata/RHSA-2020:0130" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0134", + "url": "https://access.redhat.com/errata/RHSA-2020:0134" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0603.json b/2020/0xxx/CVE-2020-0603.json new file mode 100644 index 00000000000..aba55ce6099 --- /dev/null +++ b/2020/0xxx/CVE-2020-0603.json @@ -0,0 +1,78 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ASP.NET Core", + "version": { + "version_data": [ + { + "version_value": "2.1" + }, + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0130", + "url": "https://access.redhat.com/errata/RHSA-2020:0130" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0134", + "url": "https://access.redhat.com/errata/RHSA-2020:0134" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0605.json b/2020/0xxx/CVE-2020-0605.json new file mode 100644 index 00000000000..9bc968ed36b --- /dev/null +++ b/2020/0xxx/CVE-2020-0605.json @@ -0,0 +1,687 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0606.json b/2020/0xxx/CVE-2020-0606.json new file mode 100644 index 00000000000..e2e4457496b --- /dev/null +++ b/2020/0xxx/CVE-2020-0606.json @@ -0,0 +1,680 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": ".NET Core", + "version": { + "version_data": [ + { + "version_value": "3.0" + }, + { + "version_value": "3.1" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0607.json b/2020/0xxx/CVE-2020-0607.json new file mode 100644 index 00000000000..2c90ee96b62 --- /dev/null +++ b/2020/0xxx/CVE-2020-0607.json @@ -0,0 +1,233 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0608.json b/2020/0xxx/CVE-2020-0608.json new file mode 100644 index 00000000000..c23723f8ed4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0608.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0609.json b/2020/0xxx/CVE-2020-0609.json new file mode 100644 index 00000000000..85a07617ff1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0609.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0609", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 R2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0610." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0610.json b/2020/0xxx/CVE-2020-0610.json new file mode 100644 index 00000000000..c16910e3035 --- /dev/null +++ b/2020/0xxx/CVE-2020-0610.json @@ -0,0 +1,71 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 R2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0609." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0611.json b/2020/0xxx/CVE-2020-0611.json new file mode 100644 index 00000000000..05740f9b5c3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0611.json @@ -0,0 +1,236 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0612.json b/2020/0xxx/CVE-2020-0612.json new file mode 100644 index 00000000000..903e80c4ff3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0612.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0613.json b/2020/0xxx/CVE-2020-0613.json new file mode 100644 index 00000000000..f69ddb2f569 --- /dev/null +++ b/2020/0xxx/CVE-2020-0613.json @@ -0,0 +1,215 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0614.json b/2020/0xxx/CVE-2020-0614.json new file mode 100644 index 00000000000..257d8092db5 --- /dev/null +++ b/2020/0xxx/CVE-2020-0614.json @@ -0,0 +1,215 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0615.json b/2020/0xxx/CVE-2020-0615.json new file mode 100644 index 00000000000..a29994a6666 --- /dev/null +++ b/2020/0xxx/CVE-2020-0615.json @@ -0,0 +1,256 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0615", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0639." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-123/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-123/" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0616.json b/2020/0xxx/CVE-2020-0616.json new file mode 100644 index 00000000000..0f2ae9d89a7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0616.json @@ -0,0 +1,166 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Windows improperly handles hard links, aka 'Microsoft Windows Denial of Service Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-124/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-124/" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0617.json b/2020/0xxx/CVE-2020-0617.json new file mode 100644 index 00000000000..ce9dc85bf33 --- /dev/null +++ b/2020/0xxx/CVE-2020-0617.json @@ -0,0 +1,96 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0617", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Hyper-V Denial of Service Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0620.json b/2020/0xxx/CVE-2020-0620.json new file mode 100644 index 00000000000..5d5398d70ec --- /dev/null +++ b/2020/0xxx/CVE-2020-0620.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0620", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files, aka 'Microsoft Cryptographic Services Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0621.json b/2020/0xxx/CVE-2020-0621.json new file mode 100644 index 00000000000..59e94306e2b --- /dev/null +++ b/2020/0xxx/CVE-2020-0621.json @@ -0,0 +1,102 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update, aka 'Windows Security Feature Bypass Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0622.json b/2020/0xxx/CVE-2020-0622.json new file mode 100644 index 00000000000..c13d4e576b1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0622.json @@ -0,0 +1,105 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0622", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0623.json b/2020/0xxx/CVE-2020-0623.json new file mode 100644 index 00000000000..dde53039c0a --- /dev/null +++ b/2020/0xxx/CVE-2020-0623.json @@ -0,0 +1,215 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0624.json b/2020/0xxx/CVE-2020-0624.json new file mode 100644 index 00000000000..205395e1e3f --- /dev/null +++ b/2020/0xxx/CVE-2020-0624.json @@ -0,0 +1,132 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0624", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0642." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0625.json b/2020/0xxx/CVE-2020-0625.json new file mode 100644 index 00000000000..48ea7e67d34 --- /dev/null +++ b/2020/0xxx/CVE-2020-0625.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0625", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0626.json b/2020/0xxx/CVE-2020-0626.json new file mode 100644 index 00000000000..d07d93d4755 --- /dev/null +++ b/2020/0xxx/CVE-2020-0626.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0627.json b/2020/0xxx/CVE-2020-0627.json new file mode 100644 index 00000000000..486e4824cb2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0627.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0628.json b/2020/0xxx/CVE-2020-0628.json new file mode 100644 index 00000000000..5b18cee0837 --- /dev/null +++ b/2020/0xxx/CVE-2020-0628.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0628", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0629.json b/2020/0xxx/CVE-2020-0629.json new file mode 100644 index 00000000000..455a1fba755 --- /dev/null +++ b/2020/0xxx/CVE-2020-0629.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0630.json b/2020/0xxx/CVE-2020-0630.json new file mode 100644 index 00000000000..4119f4dbe9b --- /dev/null +++ b/2020/0xxx/CVE-2020-0630.json @@ -0,0 +1,248 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0630", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0631.json b/2020/0xxx/CVE-2020-0631.json new file mode 100644 index 00000000000..82390a011b2 --- /dev/null +++ b/2020/0xxx/CVE-2020-0631.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0632, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0632.json b/2020/0xxx/CVE-2020-0632.json new file mode 100644 index 00000000000..05d4b538f4b --- /dev/null +++ b/2020/0xxx/CVE-2020-0632.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0632", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0633." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0633.json b/2020/0xxx/CVE-2020-0633.json new file mode 100644 index 00000000000..a1f09168e80 --- /dev/null +++ b/2020/0xxx/CVE-2020-0633.json @@ -0,0 +1,194 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory, aka 'Windows Search Indexer Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0634.json b/2020/0xxx/CVE-2020-0634.json new file mode 100644 index 00000000000..69c06a1d5f4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0634.json @@ -0,0 +1,256 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-125/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-125/" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0635.json b/2020/0xxx/CVE-2020-0635.json new file mode 100644 index 00000000000..50296acf6ef --- /dev/null +++ b/2020/0xxx/CVE-2020-0635.json @@ -0,0 +1,256 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0635", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0644." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-143/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-143/" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0636.json b/2020/0xxx/CVE-2020-0636.json new file mode 100644 index 00000000000..3eae5de864a --- /dev/null +++ b/2020/0xxx/CVE-2020-0636.json @@ -0,0 +1,132 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0636", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0637.json b/2020/0xxx/CVE-2020-0637.json new file mode 100644 index 00000000000..519e158d24f --- /dev/null +++ b/2020/0xxx/CVE-2020-0637.json @@ -0,0 +1,89 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0637", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0638.json b/2020/0xxx/CVE-2020-0638.json new file mode 100644 index 00000000000..1b1d098fbe9 --- /dev/null +++ b/2020/0xxx/CVE-2020-0638.json @@ -0,0 +1,182 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "version 1803 (Core Installation)" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0639.json b/2020/0xxx/CVE-2020-0639.json new file mode 100644 index 00000000000..97efe5b0f26 --- /dev/null +++ b/2020/0xxx/CVE-2020-0639.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory, aka 'Windows Common Log File System Driver Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0615." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0640.json b/2020/0xxx/CVE-2020-0640.json new file mode 100644 index 00000000000..f6c50e979bb --- /dev/null +++ b/2020/0xxx/CVE-2020-0640.json @@ -0,0 +1,218 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0640", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Internet Explorer 10", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2012" + } + ] + } + }, + { + "product_name": "Internet Explorer 9", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1803 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1809 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "Windows Server 2019" + }, + { + "version_value": "Windows 10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1709 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "Windows 10 for 32-bit Systems" + }, + { + "version_value": "Windows 10 for x64-based Systems" + }, + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 10 Version 1607 for x64-based Systems" + }, + { + "version_value": "Windows Server 2016" + }, + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2012 R2" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Internet Explorer 11 on Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0641.json b/2020/0xxx/CVE-2020-0641.json new file mode 100644 index 00000000000..aeba39a4740 --- /dev/null +++ b/2020/0xxx/CVE-2020-0641.json @@ -0,0 +1,221 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0642.json b/2020/0xxx/CVE-2020-0642.json new file mode 100644 index 00000000000..12e0a5abdb4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0642.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0624." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0643.json b/2020/0xxx/CVE-2020-0643.json new file mode 100644 index 00000000000..6407ebd9ae0 --- /dev/null +++ b/2020/0xxx/CVE-2020-0643.json @@ -0,0 +1,251 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0643", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "2008 for 32-bit Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "2008 for x64-based Systems Service Pack 2 (Core installation)" + }, + { + "version_value": "2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "2008 R2 for x64-based Systems Service Pack 1 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI+ Information Disclosure Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0644.json b/2020/0xxx/CVE-2020-0644.json new file mode 100644 index 00000000000..b9af78d4830 --- /dev/null +++ b/2020/0xxx/CVE-2020-0644.json @@ -0,0 +1,221 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows", + "version": { + "version_data": [ + { + "version_value": "10 Version 1803 for 32-bit Systems" + }, + { + "version_value": "10 Version 1803 for x64-based Systems" + }, + { + "version_value": "10 Version 1803 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1809 for 32-bit Systems" + }, + { + "version_value": "10 Version 1809 for x64-based Systems" + }, + { + "version_value": "10 Version 1809 for ARM64-based Systems" + }, + { + "version_value": "10 Version 1709 for 32-bit Systems" + }, + { + "version_value": "10 Version 1709 for x64-based Systems" + }, + { + "version_value": "10 Version 1709 for ARM64-based Systems" + }, + { + "version_value": "10 for 32-bit Systems" + }, + { + "version_value": "10 for x64-based Systems" + }, + { + "version_value": "10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "10 Version 1607 for x64-based Systems" + }, + { + "version_value": "8.1 for 32-bit systems" + }, + { + "version_value": "8.1 for x64-based systems" + }, + { + "version_value": "RT 8.1" + } + ] + } + }, + { + "product_name": "Windows Server", + "version": { + "version_data": [ + { + "version_value": "version 1803 (Core Installation)" + }, + { + "version_value": "2019" + }, + { + "version_value": "2019 (Core installation)" + }, + { + "version_value": "2016" + }, + { + "version_value": "2016 (Core installation)" + }, + { + "version_value": "2012" + }, + { + "version_value": "2012 (Core installation)" + }, + { + "version_value": "2012 R2" + }, + { + "version_value": "2012 R2 (Core installation)" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1903 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows 10 Version 1909 for ARM64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0646.json b/2020/0xxx/CVE-2020-0646.json new file mode 100644 index 00000000000..9556db0f96c --- /dev/null +++ b/2020/0xxx/CVE-2020-0646.json @@ -0,0 +1,677 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for 32-bit Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 7 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for 32-bit systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows 8.1 for x64-based systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows RT 8.1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1903 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "1903" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.6", + "version": { + "version_data": [ + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.0", + "version": { + "version_data": [ + { + "version_value": "Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" + }, + { + "version_value": "Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5", + "version": { + "version_data": [ + { + "version_value": "Windows 10 Version 1607 for 32-bit Systems" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5.1", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 4.5.2", + "version": { + "version_data": [ + { + "version_value": "Windows 7 for 32-bit Systems Service Pack 1" + }, + { + "version_value": "Windows 7 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows 8.1 for 32-bit systems" + }, + { + "version_value": "Windows 8.1 for x64-based systems" + }, + { + "version_value": "Windows RT 8.1" + }, + { + "version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 for x64-based Systems Service Pack 2" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1" + }, + { + "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012" + }, + { + "version_value": "Windows Server 2012 (Server Core installation)" + }, + { + "version_value": "Windows Server 2012 R2" + }, + { + "version_value": "Windows Server 2012 R2 (Server Core installation)" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1909 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server, version 1803 (Server Core Installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1803 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + }, + { + "product_name": "Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0647.json b/2020/0xxx/CVE-2020-0647.json new file mode 100644 index 00000000000..b574f284ca3 --- /dev/null +++ b/2020/0xxx/CVE-2020-0647.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office Online Server", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications correctly, aka 'Microsoft Office Online Spoofing Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0650.json b/2020/0xxx/CVE-2020-0650.json new file mode 100644 index 00000000000..d150b2fe6c1 --- /dev/null +++ b/2020/0xxx/CVE-2020-0650.json @@ -0,0 +1,112 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0650", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0651, CVE-2020-0653." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0651.json b/2020/0xxx/CVE-2020-0651.json new file mode 100644 index 00000000000..6aa37cd14a7 --- /dev/null +++ b/2020/0xxx/CVE-2020-0651.json @@ -0,0 +1,112 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0651", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2019 for Mac" + }, + { + "version_value": "2016 for Mac" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + }, + { + "product_name": "Microsoft Excel", + "version": { + "version_data": [ + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0653." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0652.json b/2020/0xxx/CVE-2020-0652.json new file mode 100644 index 00000000000..3a3e350f9e4 --- /dev/null +++ b/2020/0xxx/CVE-2020-0652.json @@ -0,0 +1,104 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "2019 for 32-bit editions" + }, + { + "version_value": "2019 for 64-bit editions" + }, + { + "version_value": "2016 (32-bit edition)" + }, + { + "version_value": "2016 (64-bit edition)" + }, + { + "version_value": "2010 Service Pack 2 (32-bit editions)" + }, + { + "version_value": "2010 Service Pack 2 (64-bit editions)" + }, + { + "version_value": "2013 RT Service Pack 1" + }, + { + "version_value": "2013 Service Pack 1 (32-bit editions)" + }, + { + "version_value": "2013 Service Pack 1 (64-bit editions)" + } + ] + } + }, + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Memory Corruption Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652" + }, + { + "refsource": "MISC", + "name": "https://www.zerodayinitiative.com/advisories/ZDI-20-127/", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-127/" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0653.json b/2020/0xxx/CVE-2020-0653.json new file mode 100644 index 00000000000..3dddb60d10c --- /dev/null +++ b/2020/0xxx/CVE-2020-0653.json @@ -0,0 +1,65 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Office 365 ProPlus", + "version": { + "version_data": [ + { + "version_value": "32-bit Systems" + }, + { + "version_value": "64-bit Systems" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0650, CVE-2020-0651." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0654.json b/2020/0xxx/CVE-2020-0654.json new file mode 100644 index 00000000000..40b5b82b0d5 --- /dev/null +++ b/2020/0xxx/CVE-2020-0654.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One Drive for Android", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security Feature Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654" + } + ] + } +} \ No newline at end of file diff --git a/2020/0xxx/CVE-2020-0656.json b/2020/0xxx/CVE-2020-0656.json new file mode 100644 index 00000000000..ed6a392a91e --- /dev/null +++ b/2020/0xxx/CVE-2020-0656.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2020-0656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dynamics 365 Field Service (on-premises) v7 series", + "version": { + "version_data": [ + { + "version_value": "" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft" + } + ] + } + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656", + "refsource": "MISC", + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656" + } + ] + } +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1600.json b/2020/1xxx/CVE-2020-1600.json new file mode 100644 index 00000000000..7ad65982bd9 --- /dev/null +++ b/2020/1xxx/CVE-2020-1600.json @@ -0,0 +1,201 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1600", + "STATE": "PUBLIC", + "TITLE": "Junos OS: A specific SNMP command can trigger a high CPU usage Denial of Service in the RPD daemon." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D90" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238, 15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S7" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S4, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S5" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D50" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R2" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required. The community \"public\" is minimal; other communities are impacted as well.\n\n [snmp community public]\n [logical-systems logical-system-name protocols mpls label-switched-path lsp-name]\n [protocols mpls label-switched-path]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400 Uncontrolled Resource Consumption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1402185" + }, + { + "name": "https://kb.juniper.net/JSA10979", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10979" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3X48-D90, 15.1X49-D200, 15.1R7-S6, 15.1X53-D238, 15.1X53-D592, 16.1R7-S5, 16.2R2-S11, 17.1R3-S1, 17.2R3-S2, 17.3R3-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5, 18.2R3, 18.2X75-D50, 18.3R2, 18.4R2, 19.1R2, 19.2R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10979", + "defect": [ + "1402185" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "If SNMP is not needed, remove SNMP from the system, otherwise, there are no available workarounds for this issue. SNMP is disabled by default.\n\nAdditional steps which may reduce the risk of exploitation include: \nUtilizing edge filtering with source-address validation (uRPF, etc.), access control lists (ACLs), and/or SNMPv3 authentication to limit access to the device only from trusted hosts." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1601.json b/2020/1xxx/CVE-2020-1601.json new file mode 100644 index 00000000000..f89962b6557 --- /dev/null +++ b/2020/1xxx/CVE-2020-1601.json @@ -0,0 +1,200 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1601", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Upon receipt of certain types of malformed PCEP packets the pccd process may crash." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1F6-S13, 15.1R7-S4" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D180" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S4" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S9" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S2, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D40" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.2R2-S6, 18.3R2" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S2, 18.4R2" + }, + { + "version_affected": ">=", + "version_name": "17.2", + "version_value": "17.2R2" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238, 15.1X53-D496, 15.1X53-D592" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [protocols pcep pce pce-id destination-ipv4-address ipv4-address]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "253 - Incorrect Check of Function Return Value" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1395205" + }, + { + "name": "https://kb.juniper.net/JSA10980", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10980" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 15.1F6-S13, 15.1R7-S4, 15.1X49-D180, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R7-S4, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.2R1-S9, 17.2R3-S2, 17.3R3-S3, 17.4R2-S2, 17.4R2-S4, 17.4R3, 18.1R3-S2, 18.2R2-S6, 18.2R3, 18.2X75-D40, 18.3R2, 18.4R1-S2, 18.4R2, 19.1R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10980", + "defect": [ + "1395205" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1602.json b/2020/1xxx/CVE-2020-1602.json new file mode 100644 index 00000000000..fa48e4bd4c7 --- /dev/null +++ b/2020/1xxx/CVE-2020-1602.json @@ -0,0 +1,235 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1602", + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets may take over the code execution of the JDHCPD process." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may remotely take over the code execution of the JDHDCP process. This issue affect IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Code Execution of Process" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-416 Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1603.json b/2020/1xxx/CVE-2020-1603.json new file mode 100644 index 00000000000..578bf614bff --- /dev/null +++ b/2020/1xxx/CVE-2020-1603.json @@ -0,0 +1,194 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1603", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Improper handling of specific IPv6 packets sent by clients eventually kernel crash (vmcore) the device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S9, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S7" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D50, 18.2X75-D410" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S6, 18.4R2-S2, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S2, 19.2R2" + }, + { + "version_affected": ">=", + "version_name": "16.1", + "version_value": "16.1X70-D10" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue may occur when an interface is configured with IPv6.\nFor example: \n [interfaces fe-1/2/0 unit 1 family inet6 address 2001:db8:0:1::/64] " + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Specific IPv6 packets sent by clients processed by the Routing Engine (RE) are improperly handled. These IPv6 packets are designed to be blocked by the RE from egressing the RE. Instead, the RE allows these specific IPv6 packets to egress the RE, at which point a mbuf memory leak occurs within the Juniper Networks Junos OS device. This memory leak eventually leads to a kernel crash (vmcore), or the device hanging and requiring a power cycle to restore service, creating a Denial of Service (DoS) condition. During the time where mbufs are rising, yet not fully filled, some traffic from client devices may begin to be black holed. To be black holed, this traffic must match the condition where this traffic must be processed by the RE. Continued receipt and attempted egress of these specific IPv6 packets from the Routing Engine (RE) will create an extended Denial of Service (DoS) condition. Scenarios which have been observed are: 1. In a single chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario the device needs to be power cycled. 2. In a single chassis, dual RE scenario, the device master RE will fail over to the backup RE. In this scenario, the master and the backup REs need to be reset from time to time when they vmcore. There is no need to power cycle the device. 3. In a dual chassis, single RE scenario, the device will hang without vmcore, or a vmcore may occur and then hang. In this scenario, the two chassis' design relies upon some type of network level redundancy - VRRP, GRES, NSR, etc. - 3.a In a commanded switchover, where nonstop active routing (NSR) is enabled no session loss is observed. 4. In a dual chassis, dual chassis scenario, rely upon the RE to RE failover as stated in the second scenario. In the unlikely event that the device does not switch RE to RE gracefully, then the fallback position is to the network level services scenario in the third scenario. This issue affects: Juniper Networks Junos OS 16.1 versions prior to 16.1R7-S6; 16.1 version 16.1X70-D10 and later; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D50, 18.2X75-D410; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S6, 18.4R2-S2, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect releases prior to Junos OS 16.1R1." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-710 Improper Adherence to Coding Standards" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service (DoS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10982", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10982" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1443576" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S9, 17.4R3, 18.1R3-S7, 18.2R3-S2, 18.2X75-D50, 18.2X75-D410, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S6, 18.4R2-S2, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10982", + "defect": [ + "1443576" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "Remove 'family inet6' from interfaces. Otherwise, there are no available workarounds for this issue.\n\nIndicators of compromise can be found by reviewing RE logs for entries which match in \" \" :\n\"/kernel: Mbuf: High Utililization Level\"\n\nAdditionally, you may issue the follow command from time to time to determine if your mbufs are climbing or are being released by reviewing across two separate times.\n\nThe required privilege level to run the command is: view.\nshow system buffers" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1604.json b/2020/1xxx/CVE-2020-1604.json new file mode 100644 index 00000000000..2e8a7e4bb09 --- /dev/null +++ b/2020/1xxx/CVE-2020-1604.json @@ -0,0 +1,180 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1604", + "STATE": "PUBLIC", + "TITLE": "Junos OS: EX4300/EX4600/QFX3500/QFX5100 Series: Stateless IP firewall filter may fail to evaluate certain packets" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "QFX5100 Series and EX4600 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D12" + }, + { + "platform": "QFX3500 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D52" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D48" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3" + }, + { + "platform": "EX4300 Series", + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue affects Junos OS device with stateless IPv4 or IPv6 firewall filter configured:\n [firewall family inet filter]\n [firewall family inet6 filter]" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the IP firewall filter component may cause the firewall filter evaluation of certain packets to fail. This issue only affects firewall filter evaluation of certain packets destined to the device Routing Engine (RE). This issue does not affect the Layer 2 firewall filter evaluation nor does it affect the Layer 3 firewall filter evaluation destined to connected hosts. This issue may occur when evaluating both IPv4 or IPv6 packets. This issue affects Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D12 on QFX5100 Series and EX4600 Series; 14.1X53 versions prior to 14.1X53-D52 on QFX3500 Series; 14.1X53 versions prior to 14.1X53-D48 on EX4300 Series; 15.1 versions prior to 15.1R7-S3 on EX4300 Series; 16.1 versions prior to 16.1R7 on EX4300 Series; 17.1 versions prior to 17.1R3 on EX4300 Series; 17.2 versions prior to 17.2R3 on EX4300 Series; 17.3 versions prior to 17.3R2-S5, 17.3R3 on EX4300 Series; 17.4 versions prior to 17.4R2 on EX4300 Series; 18.1 versions prior to 18.1R3 on EX4300 Series; 18.2 versions prior to 18.2R2 on EX4300 Series." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10983", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10983" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "For QFX5100 Series and EX4600 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D12 and all subsequent releases.\n\nFor QFX3500 Series:\nThe following software releases have been updated to resolve this specific issue: 14.1X53-D52 and all subsequent releases.\n\nFor EX4300 Series: \nThe following software releases have been updated to resolve this specific issue: 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2, 18.3R1 and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10983", + "defect": [ + "1026708", + "1458027", + "1343402", + "1377189" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\n" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1605.json b/2020/1xxx/CVE-2020-1605.json new file mode 100644 index 00000000000..0d1187137d9 --- /dev/null +++ b/2020/1xxx/CVE-2020-1605.json @@ -0,0 +1,227 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1605", + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv4 packets and arbitrarily execute commands on the target device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv4 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv4 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1606.json b/2020/1xxx/CVE-2020-1606.json new file mode 100644 index 00000000000..dc11cf9b162 --- /dev/null +++ b/2020/1xxx/CVE-2020-1606.json @@ -0,0 +1,216 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1606", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Path traversal vulnerability in J-Web" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S13" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D85" + }, + { + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D51" + }, + { + "version_affected": "<", + "version_name": "15.1F6", + "version_value": "15.1F6-S13" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S5" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D180" + }, + { + "platform": "QFX5200/QFX5110 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238" + }, + { + "platform": "EX2300/EX3400 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R4-S13, 16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S10" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S9, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R2-S3, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S4, 19.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n [system services web-management http]\n [system services web-management https]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A path traversal vulnerability in the Juniper Networks Junos OS device may allow an authenticated J-web user to read files with 'world' readable permission and delete files with 'world' writeable permission. This issue does not affect system files that can be accessed only by root user. This issue affects Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D85 on SRX Series; 14.1X53 versions prior to 14.1X53-D51; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S9, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3; 18.3 versions prior to 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S4, 19.1R2." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10985", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10985" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S13, 12.3X48-D85, 14.1X53-D51, 15.1F6-S13, 15.1R7-S5, 15.1X49-D180, 15.1X53-D238, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S9, 17.4R3, 18.1R3-S8, 18.2R3, 18.3R2-S3, 18.3R3, 18.4R2, 19.1R1-S4, 19.1R2, 19.2R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10985", + "defect": [ + "1431298" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Limit access to the J-Web interface to only trusted users to reduce risks of exploitation of this vulnerability." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1607.json b/2020/1xxx/CVE-2020-1607.json new file mode 100644 index 00000000000..3a216eba21d --- /dev/null +++ b/2020/1xxx/CVE-2020-1607.json @@ -0,0 +1,216 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1607", + "STATE": "PUBLIC", + "TITLE": "Junos OS: Cross-Site Scripting (XSS) in J-Web" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "12.3", + "version_value": "12.3R12-S15" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "12.3X48", + "version_value": "12.3X48-D86, 12.3X48-D90" + }, + { + "platform": "EX and QFX Series", + "version_affected": "<", + "version_name": "14.1X53", + "version_value": "14.1X53-D51" + }, + { + "version_affected": "<", + "version_name": "15.1F6", + "version_value": "15.1F6-S13" + }, + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S5" + }, + { + "platform": "SRX Series", + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D181, 15.1X49-D190" + }, + { + "platform": "QFX5200/QFX5110 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D238" + }, + { + "platform": "EX2300/EX3400 Series", + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R4-S13, 16.1R7-S5" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S10" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R1-S9, 17.2R3-S2" + }, + { + "version_affected": "=", + "version_name": "17.2", + "version_value": "17.2R2" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S6, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S7" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R2-S5, 18.2R3" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S1, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S2, 19.1R2" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "This issue requires J-Web to be enabled on the device.\n\nThe examples of the config stanza affected by this issue:\n system services web-management http\n system services web-management https" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc." + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient Cross-Site Scripting (XSS) protection in J-Web may potentially allow a remote attacker to inject web script or HTML, hijack the target user's J-Web session and perform administrative actions on the Junos device as the targeted user. This issue affects Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S15; 12.3X48 versions prior to 12.3X48-D86, 12.3X48-D90 on SRX Series; 14.1X53 versions prior to 14.1X53-D51 on EX and QFX Series; 15.1F6 versions prior to 15.1F6-S13; 15.1 versions prior to 15.1R7-S5; 15.1X49 versions prior to 15.1X49-D181, 15.1X49-D190 on SRX Series; 15.1X53 versions prior to 15.1X53-D238 on QFX5200/QFX5110 Series; 15.1X53 versions prior to 15.1X53-D592 on EX2300/EX3400 Series; 16.1 versions prior to 16.1R4-S13, 16.1R7-S5; 16.2 versions prior to 16.2R2-S10; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R1-S9, 17.2R3-S2; 17.3 versions prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions prior to 17.4R2-S6, 17.4R3; 18.1 versions prior to 18.1R3-S7; 18.2 versions prior to 18.2R2-S5, 18.2R3; 18.3 versions prior to 18.3R1-S6, 18.3R2-S1, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2; 19.1 versions prior to 19.1R1-S2, 19.1R2." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10986", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10986" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 12.3R12-S15, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13,15.1R7-S5, 15.1X49-D181, 15.1X49-D190, 15.1X53-D238, 15.1X53-D592, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10,17.1R2-S11, 17.1R3-S1, 17.2R1-S9, 17.2R3-S2, 17.3R2-S5, 17.3R3-S5, 17.4R2-S6, 17.4R3, 18.1R3-S7,18.2R2-S5, 18.2R3, 18.3R1-S6, 18.3R2-S1, 18.3R3, 18.4R1-S5, 18.4R2, 19.1R1-S2, 19.1R2, 19.2R1, and all subsequent releases." + } + ], + "source": { + "advisory": "JSA10986", + "defect": [ + "1434553" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "Access the J-Web service from trusted hosts which may not be compromised by cross-site scripting attacks, for example, deploying jump hosts with no internet access. \nAlternatively, disable J-Web. \n" + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1608.json b/2020/1xxx/CVE-2020-1608.json new file mode 100644 index 00000000000..750dfff45a2 --- /dev/null +++ b/2020/1xxx/CVE-2020-1608.json @@ -0,0 +1,200 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1608", + "STATE": "PUBLIC", + "TITLE": "Junos OS: MX Series: In BBE configurations, receipt of a specific MPLS or IPv6 packet causes a Denial of Service" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.2", + "version_value": "17.2R2-S6, 17.2R3 " + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R3-S3" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.3", + "version_value": "17.3R2-S4, 17.3R3-S2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R2-S5, 17.3R3-S5" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "17.4", + "version_value": "17.4R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7,17.4R3" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "18.1", + "version_value": "18.1R2-S3, 18.1R3" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S6" + }, + { + "platform": "MX Series", + "version_affected": ">=", + "version_name": "18.2", + "version_value": "18.2R1-S1, 18.2R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2 " + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D51, 18.2X75-D60" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R3" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "platform": "MX Series", + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S2, 19.2R2" + }, + { + "platform": "MX Series", + "version_affected": "!<", + "version_value": "17.2R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. This issue affects MX Series running Juniper Networks Junos OS: 17.2 versions starting from17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3; 17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7,17.4R3; 18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6; 18.2 versions starting from18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10987", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10987" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2, 19.3R1, and all subsequent releases.\n\n" + } + ], + "source": { + "advisory": "JSA10987", + "defect": [ + "1432957" + ], + "discovery": "USER" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1609.json b/2020/1xxx/CVE-2020-1609.json new file mode 100644 index 00000000000..be313e95e1b --- /dev/null +++ b/2020/1xxx/CVE-2020-1609.json @@ -0,0 +1,227 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1609", + "STATE": "PUBLIC", + "TITLE": "Junos OS and Junos OS Evolved: A vulnerability in JDHCPD allows an attacker to send crafted IPv6 packets and arbitrarily execute commands on the target device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "15.1", + "version_value": "15.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "15.1X49", + "version_value": "15.1X49-D200" + }, + { + "version_affected": "<", + "version_name": "15.1X53", + "version_value": "15.1X53-D592" + }, + { + "version_affected": "<", + "version_name": "16.1", + "version_value": "16.1R7-S6" + }, + { + "version_affected": "<", + "version_name": "16.2", + "version_value": "16.2R2-S11" + }, + { + "version_affected": "<", + "version_name": "17.1", + "version_value": "17.1R2-S11, 17.1R3-S1" + }, + { + "version_affected": "<", + "version_name": "17.2", + "version_value": "17.2R2-S8, 17.2R3-S3" + }, + { + "version_affected": "<", + "version_name": "17.3", + "version_value": "17.3R3-S6" + }, + { + "version_affected": "<", + "version_name": "17.4", + "version_value": "17.4R2-S7, 17.4R3" + }, + { + "version_affected": "<", + "version_name": "18.1", + "version_value": "18.1R3-S8" + }, + { + "version_affected": "<", + "version_name": "18.2", + "version_value": "18.2R3-S2" + }, + { + "version_affected": "<", + "version_name": "18.3", + "version_value": "18.3R1-S6, 18.3R2-S2, 18.3R3" + }, + { + "version_affected": "<", + "version_name": "18.4", + "version_value": "18.4R1-S5, 18.4R2-S3, 18.4R3" + }, + { + "version_affected": "<", + "version_name": "19.1", + "version_value": "19.1R1-S3, 19.1R2" + }, + { + "version_affected": "<", + "version_name": "19.2", + "version_value": "19.2R1-S3, 19.2R2" + }, + { + "version_affected": "<", + "version_name": "19.3", + "version_value": "19.3R1, 19.3R2" + }, + { + "version_affected": "<", + "version_name": "18.2X75", + "version_value": "18.2X75-D60" + } + ] + } + }, + { + "product_name": "Junos OS Evolved", + "version": { + "version_data": [ + { + "platform": "Junos Evolved", + "version_affected": "<", + "version_value": "19.3R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "configuration": [ + { + "lang": "eng", + "value": "The following minimal configuration is required: \n [forwarding-options dhcp-relay]" + } + ], + "credit": [ + { + "lang": "eng", + "value": "Longfei Fan from Codesafe Team of Legendsec at Qi'anxin Group" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When a device using Juniper Network's Dynamic Host Configuration Protocol Daemon (JDHCPD) process on Junos OS or Junos OS Evolved which is configured in relay mode it vulnerable to an attacker sending crafted IPv6 packets who may then arbitrarily execute commands as root on the target device. This issue affects IPv6 JDHCPD services. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D592; 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S1; 17.2 versions prior to 17.2R2-S8, 17.2R3-S3; 17.3 versions prior to 17.3R3-S6; 17.4 versions prior to 17.4R2-S7, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S2, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R2-S3, 18.4R3; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S3, 19.2R2*. and All versions prior to 19.3R1 on Junos OS Evolved. This issue do not affect versions of Junos OS prior to 15.1, or JDHCPD operating as a local server in non-relay mode." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." + } + ], + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121 Stack-based Buffer Overflow" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10981", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10981" + }, + { + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353", + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449353" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 15.1R7-S6, 15.1X49-D200, 15.1X53-D592, 16.1R7-S6, 16.2R2-S11, 17.1R2-S11, 17.1R3-S1, 17.2R2-S8, 17.2R3-S3, 17.3R3-S6, 17.4R2-S7, 17.4R3, 18.1R3-S8, 18.2R3-S2, 18.2X75-D60, 18.3R1-S6, 18.3R2-S2, 18.3R3, 18.4R1-S5, 18.4R2-S3, 18.4R3, 19.1R1-S3, 19.1R2, 19.2R1-S3, 19.2R2*, 19.3R1, and all subsequent releases.\n\nJunos OS Evolved: 19.3R1, and all subsequent releases.\n\n*pending publication" + } + ], + "source": { + "advisory": "JSA10981", + "defect": [ + "1449353" + ], + "discovery": "EXTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "If JDHCPD is not needed then disable the service in the device configuration. \nThere are no other viable workarounds for this issue." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1611.json b/2020/1xxx/CVE-2020-1611.json new file mode 100644 index 00000000000..63da0a3a0be --- /dev/null +++ b/2020/1xxx/CVE-2020-1611.json @@ -0,0 +1,108 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2020-01-08T17:00:00.000Z", + "ID": "CVE-2020-1611", + "STATE": "PUBLIC", + "TITLE": "Junos Space: Malicious HTTP packets sent to Junos Space allow an attacker to view all files on the device." + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos Space", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "19.4R1" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1." + } + ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Local file inclusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://kb.juniper.net/JSA10993", + "name": "https://kb.juniper.net/JSA10993" + }, + { + "refsource": "MISC", + "url": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224", + "name": "https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1449224" + } + ] + }, + "solution": [ + { + "lang": "eng", + "value": "The following software releases have been updated to resolve this specific issue: Junos Space 19.4R1, and all subsequent releases.\n" + } + ], + "source": { + "advisory": "JSA10993", + "defect": [ + "1449224" + ], + "discovery": "INTERNAL" + }, + "work_around": [ + { + "lang": "eng", + "value": "There are no known workarounds for this issue.\n\nTo reduce the risk of exploitation of these issues, use access lists or firewall filters to limit access to Junos Space to only trusted administrative networks, hosts and users." + } + ] +} \ No newline at end of file diff --git a/2020/1xxx/CVE-2020-1765.json b/2020/1xxx/CVE-2020-1765.json index 737ef66e88f..b1ae6266c0f 100644 --- a/2020/1xxx/CVE-2020-1765.json +++ b/2020/1xxx/CVE-2020-1765.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "OTRS AG", "product": { "product_data": [ { @@ -17,14 +18,10 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "5.0.x", - "version_value": "5.0.39" + "version_value": "5.0.x version 5.0.39 and prior versions" }, { - "version_affected": "<=", - "version_name": "6.0.x", - "version_value": "6.0.24" + "version_value": "6.0.x version 6.0.24 and prior versions" } ] } @@ -34,16 +31,13 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "7.0.x", - "version_value": "7.0.13" + "version_value": "7.0.x version 7.0.13 and prior versions" } ] } } ] - }, - "vendor_name": "OTRS AG" + } } ] } @@ -61,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound.\n\nThis issue affects:\n((OTRS)) Community Edition\n5.0.x version 5.0.39 and prior versions;\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions." + "value": "An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions." } ] }, @@ -100,6 +94,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/", "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-01/" } ] diff --git a/2020/1xxx/CVE-2020-1766.json b/2020/1xxx/CVE-2020-1766.json index 832c1888815..b8241262c27 100644 --- a/2020/1xxx/CVE-2020-1766.json +++ b/2020/1xxx/CVE-2020-1766.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "OTRS AG", "product": { "product_data": [ { @@ -17,14 +18,10 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "5.0.x", - "version_value": "5.0.39" + "version_value": "5.0.x version 5.0.39 and prior versions" }, { - "version_affected": "<=", - "version_name": "6.0.x", - "version_value": "6.0.24" + "version_value": "6.0.x version 6.0.24 and prior versions" } ] } @@ -34,16 +31,13 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "7.0.x", - "version_value": "7.0.13" + "version_value": "7.0.x version 7.0.13 and prior versions" } ] } } ] - }, - "vendor_name": "OTRS AG" + } } ] } @@ -61,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. \n\nThis issue affects:\n((OTRS)) Community Edition\n5.0.x version 5.0.39 and prior versions;\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions." + "value": "Due to improper handling of uploaded images it is possible in very unlikely and rare conditions to force the agents browser to execute malicious javascript from a special crafted SVG file rendered as inline jpg file. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions." } ] }, @@ -100,6 +94,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/", "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-02/" } ] diff --git a/2020/1xxx/CVE-2020-1767.json b/2020/1xxx/CVE-2020-1767.json index aabfe6d5a38..d25b188de82 100644 --- a/2020/1xxx/CVE-2020-1767.json +++ b/2020/1xxx/CVE-2020-1767.json @@ -10,6 +10,7 @@ "vendor": { "vendor_data": [ { + "vendor_name": "OTRS AG", "product": { "product_data": [ { @@ -17,9 +18,7 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "6.0.x", - "version_value": "6.0.24" + "version_value": "6.0.x version 6.0.24 and prior versions" } ] } @@ -29,16 +28,13 @@ "version": { "version_data": [ { - "version_affected": "<=", - "version_name": "7.0.x", - "version_value": "7.0.13" + "version_value": "7.0.x version 7.0.13 and prior versions" } ] } } ] - }, - "vendor_name": "OTRS AG" + } } ] } @@ -50,7 +46,7 @@ "description_data": [ { "lang": "eng", - "value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent.\n\nThis issue affects:\n((OTRS)) Community Edition\n6.0.x version 6.0.24 and prior versions.\nOTRS\n7.0.x version 7.0.13 and prior versions." + "value": "Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions." } ] }, @@ -89,6 +85,7 @@ "reference_data": [ { "refsource": "CONFIRM", + "name": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/", "url": "https://otrs.com/release-notes/otrs-security-advisory-2020-03/" } ] diff --git a/2020/1xxx/CVE-2020-1788.json b/2020/1xxx/CVE-2020-1788.json index a59c798345a..b20708ddc7b 100644 --- a/2020/1xxx/CVE-2020-1788.json +++ b/2020/1xxx/CVE-2020-1788.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honor V30", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.1.135(C00E130R4P1)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-02-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure." } ] } diff --git a/2020/1xxx/CVE-2020-1810.json b/2020/1xxx/CVE-2020-1810.json index 51f75623955..2d6e6f17c4d 100644 --- a/2020/1xxx/CVE-2020-1810.json +++ b/2020/1xxx/CVE-2020-1810.json @@ -11,158 +11,21 @@ "vendor": { "vendor_data": [ { - "vendor_name": "Huawei", + "vendor_name": "n/a", "product": { "product_data": [ { - "product_name": "CloudEngine 12800", + "product_name": "CloudEngine 12800;S5700;S6700", "version": { "version_data": [ { - "version_value": "V100R003C00SPC600" + "version_value": "V100R003C00SPC600,V100R003C10SPC100,V100R005C00SPC200,V100R005C00SPC300,V100R005C10HP0001,V100R005C10SPC100,V100R005C10SPC200,V100R006C00,V200R001C00,V200R002C01,V200R002C10,V200R002C20,V200R005C10" }, { - "version_value": "V100R003C10SPC100" + "version_value": "V200R005C00SPC500,V200R005C03,V200R006C00SPC100,V200R006C00SPC300,V200R006C00SPC500,V200R007C00SPC100,V200R007C00SPC500" }, { - "version_value": "V100R005C00SPC200" - }, - { - "version_value": "V100R005C00SPC300" - }, - { - "version_value": "V100R005C10HP0001" - }, - { - "version_value": "V100R005C10SPC100" - }, - { - "version_value": "V100R005C10SPC200" - }, - { - "version_value": "V100R006C00" - }, - { - "version_value": "V200R001C00" - }, - { - "version_value": "V200R002C01" - }, - { - "version_value": "V200R002C10" - }, - { - "version_value": "V200R002C20" - }, - { - "version_value": "V200R005C10" - } - ] - } - }, - { - "product_name": "CloudEngine S5700", - "version": { - "version_data": [ - { - "version_value": "V200R005C00SPC500" - }, - { - "version_value": "V200R005C03" - }, - { - "version_value": "V200R006C00SPC100" - }, - { - "version_value": "V200R006C00SPC300" - }, - { - "version_value": "V200R006C00SPC500" - }, - { - "version_value": "V200R007C00SPC100" - }, - { - "version_value": "V200R007C00SPC500" - }, - { - "version_value": "V200R010C00SPC300" - }, - { - "version_value": "V200R010C00SPC600" - }, - { - "version_value": "V200R010C00SPC700" - }, - { - "version_value": "V200R011C00SPC200" - }, - { - "version_value": "V200R011C10SPC500" - }, - { - "version_value": "V200R011C10SPC600" - }, - { - "version_value": "V200R012C00SPC200" - }, - { - "version_value": "V200R012C00SPC500" - }, - { - "version_value": "V200R012C00SPC600" - }, - { - "version_value": "V200R012C00SPC700" - }, - { - "version_value": "V200R012C00SPC710" - }, - { - "version_value": "V200R012C20" - } - ] - } - }, - { - "product_name": "CloudEngine S6700", - "version": { - "version_data": [ - { - "version_value": "V200R005C00SPC500" - }, - { - "version_value": "V200R005C01" - }, - { - "version_value": "V200R008C00SPC500" - }, - { - "version_value": "V200R010C00SPC300" - }, - { - "version_value": "V200R010C00SPC600" - }, - { - "version_value": "V200R011C00SPC200" - }, - { - "version_value": "V200R011C10SPC500" - }, - { - "version_value": "V200R011C10SPC600" - }, - { - "version_value": "V200R012C00SPC200" - }, - { - "version_value": "V200R012C00SPC500" - }, - { - "version_value": "V200R012C00SPC600" - }, - { - "version_value": "V200R012C00SPC710" + "version_value": "V200R005C00SPC500,V200R005C01" } ] } @@ -188,7 +51,7 @@ "references": { "reference_data": [ { - "refsource": "CONFIRM", + "refsource": "MISC", "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200108-01-rsa-en" } @@ -198,7 +61,7 @@ "description_data": [ { "lang": "eng", - "value": "Huawei products CloudEngine 12800, S5700, and S6700 have a weak algorithm vulnerability. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information. Affected product versions include: CloudEngine 12800 versions V100R003C00SPC600, V100R003C10SPC100, V100R005C00SPC200, V100R005C00SPC300, V100R005C10HP0001, V100R005C10SPC100, V100R005C10SPC200, V100R006C00, V200R001C00, V200R002C01, V200R002C10, V200R002C20, V200R005C10; CloudEngine S5700 versions V200R005C00SPC500, V200R005C03, V200R006C00SPC100, V200R006C00SPC300, V200R006C00SPC500, V200R007C00SPC100, V200R007C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R010C00SPC700, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC700, V200R012C00SPC710, V200R012C20; CloudEngine S6700 versions V200R005C00SPC500, V200R005C01, V200R008C00SPC500, V200R010C00SPC300, V200R010C00SPC600, V200R011C00SPC200, V200R011C10SPC500, V200R011C10SPC600, V200R012C00SPC200, V200R012C00SPC500, V200R012C00SPC600, V200R012C00SPC710." + "value": "There is a weak algorithm vulnerability in some Huawei products. The affected products use the RSA algorithm in the SSL key exchange algorithm which have been considered as a weak algorithm. Attackers may exploit this vulnerability to leak some information." } ] } diff --git a/2020/1xxx/CVE-2020-1840.json b/2020/1xxx/CVE-2020-1840.json index 532ca3bcf28..8a73c169551 100644 --- a/2020/1xxx/CVE-2020-1840.json +++ b/2020/1xxx/CVE-2020-1840.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1840", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@huawei.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "HUAWEI Mate 20", + "version": { + "version_data": [ + { + "version_value": "Versions earlier than 10.0.0.175(C00E70R3P8)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-smartphone-en", + "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-smartphone-en" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8)" } ] } diff --git a/2020/1xxx/CVE-2020-1928.json b/2020/1xxx/CVE-2020-1928.json index da98f2faba1..191e530770e 100644 --- a/2020/1xxx/CVE-2020-1928.json +++ b/2020/1xxx/CVE-2020-1928.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1928", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://nifi.apache.org/security.html#CVE-2020-1928", + "url": "https://nifi.apache.org/security.html#CVE-2020-1928" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure vulnerability was found in Apache NiFi 1.10.0. The sensitive parameter parser would log parsed values for debugging purposes. This would expose literal values entered in a sensitive property when no parameter was present." } ] } diff --git a/2020/1xxx/CVE-2020-1929.json b/2020/1xxx/CVE-2020-1929.json index 133d70489e5..fb605d6782e 100644 --- a/2020/1xxx/CVE-2020-1929.json +++ b/2020/1xxx/CVE-2020-1929.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1929", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Beam", + "version": { + "version_data": [ + { + "version_value": "2.10.0 to 2.16.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[beam-user] 20200115 [CVE-2020-1929] Apache Beam MongoDB IO connector disables certificate trust verification", + "url": "https://lists.apache.org/thread.html/rdd0e85b71bf0274471b40fa1396d77f7b2d1165eaea4becbdc69aa04%40%3Cuser.beam.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an option to disable SSL trust verification. However this configuration is not respected and the certificate verification disables trust verification in every case. This exclusion also gets registered globally which disables trust checking for any code running in the same JVM." } ] } diff --git a/2020/1xxx/CVE-2020-1932.json b/2020/1xxx/CVE-2020-1932.json index 467b7327b2b..f3886360189 100644 --- a/2020/1xxx/CVE-2020-1932.json +++ b/2020/1xxx/CVE-2020-1932.json @@ -4,14 +4,67 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1932", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Superset", + "version": { + "version_data": [ + { + "version_value": "0.34.0" + }, + { + "version_value": "0.34.1" + }, + { + "version_value": "0.35.0" + }, + { + "version_value": "0.35.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E", + "url": "https://lists.apache.org/thread.html/r4e5323c3bc786005495311a6ff53ac6d990b2c7eb52941a1a13ce227%40%3Cdev.superset.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset." } ] } diff --git a/2020/1xxx/CVE-2020-1933.json b/2020/1xxx/CVE-2020-1933.json index 9f2c2dc7b85..50e6cb8c7c6 100644 --- a/2020/1xxx/CVE-2020-1933.json +++ b/2020/1xxx/CVE-2020-1933.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1933", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache NiFi", + "version": { + "version_data": [ + { + "version_value": "Apache NiFi 1.0.0 to 1.10.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS Attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://nifi.apache.org/security.html#CVE-2020-1933", + "url": "https://nifi.apache.org/security.html#CVE-2020-1933" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Malicious scripts could be injected to the UI through action by an unaware authenticated user in Firefox. Did not appear to occur in other browsers." } ] } diff --git a/2020/1xxx/CVE-2020-1940.json b/2020/1xxx/CVE-2020-1940.json index 0f9de1f224a..f813523b8b4 100644 --- a/2020/1xxx/CVE-2020-1940.json +++ b/2020/1xxx/CVE-2020-1940.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache Software Foundation", + "product": { + "product_data": [ + { + "product_name": "Apache Jackrabbit Oak", + "version": { + "version_data": [ + { + "version_value": "1.2.0 to 1.22.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E", + "url": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0%40%3Cusers.jackrabbit.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[jackrabbit-announce] 20200128 CVE-2020-1940: Apache Jackrabbit Oak sensitive information disclosure vulnerability", + "url": "https://lists.apache.org/thread.html/rccc0ed467faa35734ea16b8f5de5603e708936c41a4eddd90fddeaf0@%3Cannounce.jackrabbit.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication. In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed." } ] } diff --git a/2020/2xxx/CVE-2020-2090.json b/2020/2xxx/CVE-2020-2090.json index 1a7a63e5eef..f69591213ff 100644 --- a/2020/2xxx/CVE-2020-2090.json +++ b/2020/2xxx/CVE-2020-2090.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2090", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Amazon EC2 Plugin", + "version": { + "version_data": [ + { + "version_value": "1.47", + "version_affected": "<=" + }, + { + "version_value": "1.46.2", + "version_affected": "!>=" + }, + { + "version_value": "1.42.2", + "version_affected": "!>=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2091.json b/2020/2xxx/CVE-2020-2091.json index 7a6cecb4f94..52588d565e3 100644 --- a/2020/2xxx/CVE-2020-2091.json +++ b/2020/2xxx/CVE-2020-2091.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2091", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Amazon EC2 Plugin", + "version": { + "version_data": [ + { + "version_value": "1.47", + "version_affected": "<=" + }, + { + "version_value": "1.46.2", + "version_affected": "!>=" + }, + { + "version_value": "1.42.2", + "version_affected": "!>=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL within the AWS region using attacker-specified credentials IDs obtained through another method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1004", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2092.json b/2020/2xxx/CVE-2020-2092.json index dc31aedad18..51d1ad2dd03 100644 --- a/2020/2xxx/CVE-2020-2092.json +++ b/2020/2xxx/CVE-2020-2092.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2092", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Robot Framework Plugin", + "version": { + "version_data": [ + { + "version_value": "2.0.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-611: Improper Restriction of XML External Entity Reference" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1698", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2093.json b/2020/2xxx/CVE-2020-2093.json index 908bf591fa0..efc53a1dc65 100644 --- a/2020/2xxx/CVE-2020-2093.json +++ b/2020/2xxx/CVE-2020-2093.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2093", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Health Advisor by CloudBees Plugin", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers to send an email with fixed content to an attacker-specified recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2094.json b/2020/2xxx/CVE-2020-2094.json index 847889b070b..0ca318a6c37 100644 --- a/2020/2xxx/CVE-2020-2094.json +++ b/2020/2xxx/CVE-2020-2094.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2094", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Health Advisor by CloudBees Plugin", + "version": { + "version_data": [ + { + "version_value": "3.0", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A missing permission check in Jenkins Health Advisor by CloudBees Plugin 3.0 and earlier allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1708", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2095.json b/2020/2xxx/CVE-2020-2095.json index 251591afcf5..81e975b2593 100644 --- a/2020/2xxx/CVE-2020-2095.json +++ b/2020/2xxx/CVE-2020-2095.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2095", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Redgate SQL Change Automation Plugin", + "version": { + "version_data": [ + { + "version_value": "2.0.4", + "version_affected": "<=" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored an API key unencrypted in job config.xml files on the Jenkins master where they could be viewed by users with Extended Read permission, or access to the master file system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-256: Unprotected Storage of Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1696", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2096.json b/2020/2xxx/CVE-2020-2096.json index e5549d9802d..c31ee490eee 100644 --- a/2020/2xxx/CVE-2020-2096.json +++ b/2020/2xxx/CVE-2020-2096.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2096", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Gitlab Hook Plugin", + "version": { + "version_data": [ + { + "version_value": "1.4.2", + "version_affected": "<=" + }, + { + "version_value": "1.4.2", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683", + "refsource": "CONFIRM" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200115 Multiple vulnerabilities in Jenkins plugins", + "url": "http://www.openwall.com/lists/oss-security/2020/01/15/1" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155967/Jenkins-Gitlab-Hook-1.4.2-Cross-Site-Scripting.html" } ] } diff --git a/2020/2xxx/CVE-2020-2097.json b/2020/2xxx/CVE-2020-2097.json index b9318a6946b..ee1922071a6 100644 --- a/2020/2xxx/CVE-2020-2097.json +++ b/2020/2xxx/CVE-2020-2097.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2097", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Sounds Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5", + "version_affected": "<=" + }, + { + "version_value": "0.5", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Jenkins Sounds Plugin 0.5 and earlier does not perform permission checks in URLs performing form validation, allowing attackers with Overall/Read access to execute arbitrary OS commands as the OS user account running Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2098.json b/2020/2xxx/CVE-2020-2098.json index e5aef641c51..9c66003c84d 100644 --- a/2020/2xxx/CVE-2020-2098.json +++ b/2020/2xxx/CVE-2020-2098.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-2098", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "jenkinsci-cert@googlegroups.com", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Jenkins project", + "product": { + "product_data": [ + { + "product_name": "Jenkins Sounds Plugin", + "version": { + "version_data": [ + { + "version_value": "0.5", + "version_affected": "<=" + }, + { + "version_value": "0.5", + "version_affected": "?>" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0.5 and earlier allows attacker to execute arbitrary OS commands as the OS user account running Jenkins." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "url": "https://jenkins.io/security/advisory/2020-01-15/#SECURITY-814", + "refsource": "CONFIRM" } ] } diff --git a/2020/2xxx/CVE-2020-2510.json b/2020/2xxx/CVE-2020-2510.json index 8f526a11645..c65cedab6d8 100644 --- a/2020/2xxx/CVE-2020-2510.json +++ b/2020/2xxx/CVE-2020-2510.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2510", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2511.json b/2020/2xxx/CVE-2020-2511.json index 08ff3cf8dfd..20fdd61b9ad 100644 --- a/2020/2xxx/CVE-2020-2511.json +++ b/2020/2xxx/CVE-2020-2511.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2511", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2512.json b/2020/2xxx/CVE-2020-2512.json index 44439e9899a..7be45bd83de 100644 --- a/2020/2xxx/CVE-2020-2512.json +++ b/2020/2xxx/CVE-2020-2512.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2512", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2515.json b/2020/2xxx/CVE-2020-2515.json index 7800d729755..e42c374a299 100644 --- a/2020/2xxx/CVE-2020-2515.json +++ b/2020/2xxx/CVE-2020-2515.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2515", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data as well as unauthorized read access to a subset of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2516.json b/2020/2xxx/CVE-2020-2516.json index a7d2daee1b2..10022020d1b 100644 --- a/2020/2xxx/CVE-2020-2516.json +++ b/2020/2xxx/CVE-2020-2516.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2516", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data. CVSS 3.0 Base Score 2.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Materialized View, Create Table privilege with network access via OracleNet to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2517.json b/2020/2xxx/CVE-2020-2517.json index 31bf9a63d5c..f121ba9b7b8 100644 --- a/2020/2xxx/CVE-2020-2517.json +++ b/2020/2xxx/CVE-2020-2517.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2517", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Database Gateway for ODBC component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC. CVSS 3.0 Base Score 3.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker having Create Procedure, Create Database Link privilege with network access via OracleNet to compromise Database Gateway for ODBC. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Database Gateway for ODBC accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Database Gateway for ODBC." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2518.json b/2020/2xxx/CVE-2020-2518.json index f5cca796071..7859774e195 100644 --- a/2020/2xxx/CVE-2020-2518.json +++ b/2020/2xxx/CVE-2020-2518.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2518", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "11.2.0.4", + "version_affected": "=" + }, + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker having Create Session privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in takeover of Java VM." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2519.json b/2020/2xxx/CVE-2020-2519.json index 8300334feb2..cf5da15f819 100644 --- a/2020/2xxx/CVE-2020-2519.json +++ b/2020/2xxx/CVE-2020-2519.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2519", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server. CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2527.json b/2020/2xxx/CVE-2020-2527.json index 850505e3ef7..7ed4593aebc 100644 --- a/2020/2xxx/CVE-2020-2527.json +++ b/2020/2xxx/CVE-2020-2527.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2527", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker having Create Index, Create Table privilege with network access via OracleNet to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Core RDBMS accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2530.json b/2020/2xxx/CVE-2020-2530.json index f74116277bc..b6d9bafb274 100644 --- a/2020/2xxx/CVE-2020-2530.json +++ b/2020/2xxx/CVE-2020-2530.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2530", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HTTP Server", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2531.json b/2020/2xxx/CVE-2020-2531.json index c89e3145ce5..e1f155358d3 100644 --- a/2020/2xxx/CVE-2020-2531.json +++ b/2020/2xxx/CVE-2020-2531.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2531", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: BI Platform Security). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2533.json b/2020/2xxx/CVE-2020-2533.json index d66891e5280..44b67b1568e 100644 --- a/2020/2xxx/CVE-2020-2533.json +++ b/2020/2xxx/CVE-2020-2533.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2533", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reports Developer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2534.json b/2020/2xxx/CVE-2020-2534.json index 44887a3631c..07f26affdb6 100644 --- a/2020/2xxx/CVE-2020-2534.json +++ b/2020/2xxx/CVE-2020-2534.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2534", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reports Developer", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Reports Developer product of Oracle Fusion Middleware (component: Security and Authentication). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2535.json b/2020/2xxx/CVE-2020-2535.json index 4bc95ffdd3a..7d4db92d9c4 100644 --- a/2020/2xxx/CVE-2020-2535.json +++ b/2020/2xxx/CVE-2020-2535.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2535", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Server). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2536.json b/2020/2xxx/CVE-2020-2536.json index e4c4820616e..9c225bdaf7c 100644 --- a/2020/2xxx/CVE-2020-2536.json +++ b/2020/2xxx/CVE-2020-2536.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2536", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2537.json b/2020/2xxx/CVE-2020-2537.json index 750aeb96d9d..f5fc9a79b95 100644 --- a/2020/2xxx/CVE-2020-2537.json +++ b/2020/2xxx/CVE-2020-2537.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2537", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Business Intelligence Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2538.json b/2020/2xxx/CVE-2020-2538.json index 2db07790111..a6e479844e1 100644 --- a/2020/2xxx/CVE-2020-2538.json +++ b/2020/2xxx/CVE-2020-2538.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2538", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites. CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle WebCenter Sites." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2539.json b/2020/2xxx/CVE-2020-2539.json index fad1f8676c7..141b8e08d99 100644 --- a/2020/2xxx/CVE-2020-2539.json +++ b/2020/2xxx/CVE-2020-2539.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2539", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2540.json b/2020/2xxx/CVE-2020-2540.json index 57d029b120f..a52fb25e9a0 100644 --- a/2020/2xxx/CVE-2020-2540.json +++ b/2020/2xxx/CVE-2020-2540.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2540", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2541.json b/2020/2xxx/CVE-2020-2541.json index 77ca6d2c996..c9a11a52f9f 100644 --- a/2020/2xxx/CVE-2020-2541.json +++ b/2020/2xxx/CVE-2020-2541.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2541", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2542.json b/2020/2xxx/CVE-2020-2542.json index 6cc6f83e5f7..1333b80dabd 100644 --- a/2020/2xxx/CVE-2020-2542.json +++ b/2020/2xxx/CVE-2020-2542.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2542", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2543.json b/2020/2xxx/CVE-2020-2543.json index 65bd51c1d13..3369fa398bd 100644 --- a/2020/2xxx/CVE-2020-2543.json +++ b/2020/2xxx/CVE-2020-2543.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2543", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2544.json b/2020/2xxx/CVE-2020-2544.json index db53bbffd7e..9373b3a55a0 100644 --- a/2020/2xxx/CVE-2020-2544.json +++ b/2020/2xxx/CVE-2020-2544.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2544", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2545.json b/2020/2xxx/CVE-2020-2545.json index 3a53842cd69..2d07ac52464 100644 --- a/2020/2xxx/CVE-2020-2545.json +++ b/2020/2xxx/CVE-2020-2545.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2545", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Security Service", + "version": { + "version_data": [ + { + "version_value": "11.1.1.9.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2546.json b/2020/2xxx/CVE-2020-2546.json index 788fb9105d4..454a3166038 100644 --- a/2020/2xxx/CVE-2020-2546.json +++ b/2020/2xxx/CVE-2020-2546.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2546", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Application Container - JavaEE). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2547.json b/2020/2xxx/CVE-2020-2547.json index 493151ce3b3..f7fd2cc1350 100644 --- a/2020/2xxx/CVE-2020-2547.json +++ b/2020/2xxx/CVE-2020-2547.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2547", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2548.json b/2020/2xxx/CVE-2020-2548.json index 3a7598603ac..2852deaccc1 100644 --- a/2020/2xxx/CVE-2020-2548.json +++ b/2020/2xxx/CVE-2020-2548.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2548", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2549.json b/2020/2xxx/CVE-2020-2549.json index 0d33af9f8c8..209dfd4be6f 100644 --- a/2020/2xxx/CVE-2020-2549.json +++ b/2020/2xxx/CVE-2020-2549.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2549", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2550.json b/2020/2xxx/CVE-2020-2550.json index 12a36a3a5d0..5c85aa271d5 100644 --- a/2020/2xxx/CVE-2020-2550.json +++ b/2020/2xxx/CVE-2020-2550.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2550", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle WebLogic Server executes to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data as well as unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2551.json b/2020/2xxx/CVE-2020-2551.json index effcff9e10c..ac232d129f9 100644 --- a/2020/2xxx/CVE-2020-2551.json +++ b/2020/2xxx/CVE-2020-2551.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2551", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2552.json b/2020/2xxx/CVE-2020-2552.json index 1cd9309c114..86a80e386dc 100644 --- a/2020/2xxx/CVE-2020-2552.json +++ b/2020/2xxx/CVE-2020-2552.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2552", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebLogic Server", + "version": { + "version_data": [ + { + "version_value": "10.3.6.0.0", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2555.json b/2020/2xxx/CVE-2020-2555.json index c49e72e999d..78c41098a31 100644 --- a/2020/2xxx/CVE-2020-2555.json +++ b/2020/2xxx/CVE-2020-2555.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2555", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Coherence", + "version": { + "version_data": [ + { + "version_value": "3.7.1.17", + "version_affected": "=" + }, + { + "version_value": "12.1.3.0.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.4.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.17, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2556.json b/2020/2xxx/CVE-2020-2556.json index 2ac12f3be43..ea8d6a3d9ee 100644 --- a/2020/2xxx/CVE-2020-2556.json +++ b/2020/2xxx/CVE-2020-2556.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2556", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Professional Project Management", + "version": { + "version_data": [ + { + "version_value": "16.2.0.0-16.2.19.0", + "version_affected": "=" + }, + { + "version_value": "17.12.0.0-17.12.16.0", + "version_affected": "=" + }, + { + "version_value": "18.8.0.0-18.8.16.0", + "version_affected": "=" + }, + { + "version_value": "19.12.0.0", + "version_affected": "=" + }, + { + "version_value": "20.1.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Core). Supported versions that are affected are 16.2.0.0-16.2.19.0, 17.12.0.0-17.12.16.0, 18.8.0.0-18.8.16.0, 19.12.0.0 and 20.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Primavera P6 Enterprise Project Portfolio Management executes to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Primavera P6 Enterprise Project Portfolio Management." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2557.json b/2020/2xxx/CVE-2020-2557.json index 5c31e3ce708..86e11cd98e4 100644 --- a/2020/2xxx/CVE-2020-2557.json +++ b/2020/2xxx/CVE-2020-2557.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2557", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Demantra Demand Management", + "version": { + "version_data": [ + { + "version_value": "12.2.4", + "version_affected": "=" + }, + { + "version_value": "12.2.4.1", + "version_affected": "=" + }, + { + "version_value": "12.2.5", + "version_affected": "=" + }, + { + "version_value": "12.2.5.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: Security). Supported versions that are affected are 12.2.4, 12.2.4.1, 12.2.5 and 12.2.5.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Demantra Demand Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Demantra Demand Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2558.json b/2020/2xxx/CVE-2020-2558.json index 6007fa41a81..e85b5506a60 100644 --- a/2020/2xxx/CVE-2020-2558.json +++ b/2020/2xxx/CVE-2020-2558.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2558", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2559.json b/2020/2xxx/CVE-2020-2559.json index 279d49326c2..02ab583e402 100644 --- a/2020/2xxx/CVE-2020-2559.json +++ b/2020/2xxx/CVE-2020-2559.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2559", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.7 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: UIF Open UI). Supported versions that are affected are 19.7 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2560.json b/2020/2xxx/CVE-2020-2560.json index 957d483fb26..9c0020f540c 100644 --- a/2020/2xxx/CVE-2020-2560.json +++ b/2020/2xxx/CVE-2020-2560.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2560", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.10 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Siebel UI Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2561.json b/2020/2xxx/CVE-2020-2561.json index 63a3a223e36..c6ef94f8e77 100644 --- a/2020/2xxx/CVE-2020-2561.json +++ b/2020/2xxx/CVE-2020-2561.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2561", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise HCM Human Resources", + "version": { + "version_data": [ + { + "version_value": "9.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Company Dir / Org Chart Viewer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2563.json b/2020/2xxx/CVE-2020-2563.json index 6df23557acc..5d80b8718ff 100644 --- a/2020/2xxx/CVE-2020-2563.json +++ b/2020/2xxx/CVE-2020-2563.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2563", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hyperion Financial Close Management", + "version": { + "version_data": [ + { + "version_value": "11.1.2.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data. CVSS 3.0 Base Score 4.2 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion Financial Close Management. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Hyperion Financial Close Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2564.json b/2020/2xxx/CVE-2020-2564.json index 7fe20d68d34..fc298075549 100644 --- a/2020/2xxx/CVE-2020-2564.json +++ b/2020/2xxx/CVE-2020-2564.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2564", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Siebel UI Framework", + "version": { + "version_data": [ + { + "version_value": "19.10 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: EAI). Supported versions that are affected are 19.10 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel UI Framework. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel UI Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2565.json b/2020/2xxx/CVE-2020-2565.json index 1c4c42a183b..ff3b123ee45 100644 --- a/2020/2xxx/CVE-2020-2565.json +++ b/2020/2xxx/CVE-2020-2565.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2565", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2566.json b/2020/2xxx/CVE-2020-2566.json index 9e521512523..2218a192d99 100644 --- a/2020/2xxx/CVE-2020-2566.json +++ b/2020/2xxx/CVE-2020-2566.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2566", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2567.json b/2020/2xxx/CVE-2020-2567.json index 541d6d356fe..9075e6ae114 100644 --- a/2020/2xxx/CVE-2020-2567.json +++ b/2020/2xxx/CVE-2020-2567.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2567", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "18.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). The supported version that is affected is 18.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Retail Customer Management and Segmentation Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2568.json b/2020/2xxx/CVE-2020-2568.json index bf90c7d410e..91d45be5a79 100644 --- a/2020/2xxx/CVE-2020-2568.json +++ b/2020/2xxx/CVE-2020-2568.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2568", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2569.json b/2020/2xxx/CVE-2020-2569.json index a69372f1df1..0a9b76526f5 100644 --- a/2020/2xxx/CVE-2020-2569.json +++ b/2020/2xxx/CVE-2020-2569.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2569", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PL/SQL", + "version": { + "version_data": [ + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Applications DBA component of Oracle Database Server. Supported versions that are affected are 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Oracle Applications DBA executes to compromise Oracle Applications DBA. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications DBA accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications DBA." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2570.json b/2020/2xxx/CVE-2020-2570.json index 13129e165fc..020ac4070aa 100644 --- a/2020/2xxx/CVE-2020-2570.json +++ b/2020/2xxx/CVE-2020-2570.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2570", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2571.json b/2020/2xxx/CVE-2020-2571.json index 4d9c2e82222..c2df03f6452 100644 --- a/2020/2xxx/CVE-2020-2571.json +++ b/2020/2xxx/CVE-2020-2571.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2571", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "LDOMS", + "version": { + "version_data": [ + { + "version_value": "3.6", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems (component: Templates). The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise Oracle VM Server for SPARC. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM Server for SPARC accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2572.json b/2020/2xxx/CVE-2020-2572.json index f357c86ede2..661e507b38b 100644 --- a/2020/2xxx/CVE-2020-2572.json +++ b/2020/2xxx/CVE-2020-2572.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2572", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plugin). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2573.json b/2020/2xxx/CVE-2020-2573.json index 61c27e4f764..6aff777100c 100644 --- a/2020/2xxx/CVE-2020-2573.json +++ b/2020/2xxx/CVE-2020-2573.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2573", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2574.json b/2020/2xxx/CVE-2020-2574.json index 7e60a2b0f6b..b8772d3c77d 100644 --- a/2020/2xxx/CVE-2020-2574.json +++ b/2020/2xxx/CVE-2020-2574.json @@ -1,17 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2574", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.46 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2576.json b/2020/2xxx/CVE-2020-2576.json index d712528aaad..c517b987a1e 100644 --- a/2020/2xxx/CVE-2020-2576.json +++ b/2020/2xxx/CVE-2020-2576.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2576", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.4", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2577.json b/2020/2xxx/CVE-2020-2577.json index 629116b92da..7f64a12ad0d 100644 --- a/2020/2xxx/CVE-2020-2577.json +++ b/2020/2xxx/CVE-2020-2577.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2577", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2578.json b/2020/2xxx/CVE-2020-2578.json index 63adb36a885..e44c71a6b09 100644 --- a/2020/2xxx/CVE-2020-2578.json +++ b/2020/2xxx/CVE-2020-2578.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2578", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2579.json b/2020/2xxx/CVE-2020-2579.json index 9a7dc6972eb..dff64c3762c 100644 --- a/2020/2xxx/CVE-2020-2579.json +++ b/2020/2xxx/CVE-2020-2579.json @@ -1,17 +1,75 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2579", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.6.46 and prior", + "version_affected": "=" + }, + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2580.json b/2020/2xxx/CVE-2020-2580.json index a515dcdebc0..54d7f86d490 100644 --- a/2020/2xxx/CVE-2020-2580.json +++ b/2020/2xxx/CVE-2020-2580.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2580", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.17 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2581.json b/2020/2xxx/CVE-2020-2581.json index 42867e3502c..1e6b1f4e667 100644 --- a/2020/2xxx/CVE-2020-2581.json +++ b/2020/2xxx/CVE-2020-2581.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2581", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.0.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition. CVSS 3.0 Base Score 4.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Edition executes to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM Enterprise Edition." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2582.json b/2020/2xxx/CVE-2020-2582.json index 43512b63301..648375318bd 100644 --- a/2020/2xxx/CVE-2020-2582.json +++ b/2020/2xxx/CVE-2020-2582.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2582", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iStore", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2583.json b/2020/2xxx/CVE-2020-2583.json index 907cdd83575..58feedbe1cd 100644 --- a/2020/2xxx/CVE-2020-2583.json +++ b/2020/2xxx/CVE-2020-2583.json @@ -1,17 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2583", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2584.json b/2020/2xxx/CVE-2020-2584.json index a5561451edd..7e7c027d0d1 100644 --- a/2020/2xxx/CVE-2020-2584.json +++ b/2020/2xxx/CVE-2020-2584.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2584", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2585.json b/2020/2xxx/CVE-2020-2585.json index 72bcf36d9df..86a71ecb10b 100644 --- a/2020/2xxx/CVE-2020-2585.json +++ b/2020/2xxx/CVE-2020-2585.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2585", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 8u231", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2586.json b/2020/2xxx/CVE-2020-2586.json index e6f58099748..75edf093dc4 100644 --- a/2020/2xxx/CVE-2020-2586.json +++ b/2020/2xxx/CVE-2020-2586.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2586", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Human Resources", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2587.json b/2020/2xxx/CVE-2020-2587.json index 394b921e690..7e469a6e677 100644 --- a/2020/2xxx/CVE-2020-2587.json +++ b/2020/2xxx/CVE-2020-2587.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2587", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Human Resources", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Human Resources. While the vulnerability is in Oracle Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Human Resources." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2588.json b/2020/2xxx/CVE-2020-2588.json index f25ce02ce0a..8ceff3f65f2 100644 --- a/2020/2xxx/CVE-2020-2588.json +++ b/2020/2xxx/CVE-2020-2588.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2588", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2589.json b/2020/2xxx/CVE-2020-2589.json index 9bc86fd124d..f23eab13de3 100644 --- a/2020/2xxx/CVE-2020-2589.json +++ b/2020/2xxx/CVE-2020-2589.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2589", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.17 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.28 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2590.json b/2020/2xxx/CVE-2020-2590.json index c9a267665c7..92c4b7567ff 100644 --- a/2020/2xxx/CVE-2020-2590.json +++ b/2020/2xxx/CVE-2020-2590.json @@ -1,17 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2590", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2591.json b/2020/2xxx/CVE-2020-2591.json index 689bd7b3711..1d93745814f 100644 --- a/2020/2xxx/CVE-2020-2591.json +++ b/2020/2xxx/CVE-2020-2591.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2591", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Web Applications Desktop Integrator", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Application Service). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Web Applications Desktop Integrator accessible data as well as unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2592.json b/2020/2xxx/CVE-2020-2592.json index 9af44e9a0eb..745cf5a3944 100644 --- a/2020/2xxx/CVE-2020-2592.json +++ b/2020/2xxx/CVE-2020-2592.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2592", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "AutoVue 3D Professional Advanced", + "version": { + "version_data": [ + { + "version_value": "12.0.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). The supported version that is affected is 12.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle AutoVue. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle AutoVue accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2593.json b/2020/2xxx/CVE-2020-2593.json index 10016917e37..b7d7332697f 100644 --- a/2020/2xxx/CVE-2020-2593.json +++ b/2020/2xxx/CVE-2020-2593.json @@ -1,17 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2593", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2595.json b/2020/2xxx/CVE-2020-2595.json index 4578a75bc24..7668d5dc404 100644 --- a/2020/2xxx/CVE-2020-2595.json +++ b/2020/2xxx/CVE-2020-2595.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2595", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "GraalVM Enterprise Edition", + "version": { + "version_data": [ + { + "version_value": "19.3.0.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data. CVSS 3.0 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2596.json b/2020/2xxx/CVE-2020-2596.json index 9074b4f910e..829383c59c4 100644 --- a/2020/2xxx/CVE-2020-2596.json +++ b/2020/2xxx/CVE-2020-2596.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2596", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Message Hooks). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2597.json b/2020/2xxx/CVE-2020-2597.json index 8a53b342e96..f4428e79072 100644 --- a/2020/2xxx/CVE-2020-2597.json +++ b/2020/2xxx/CVE-2020-2597.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2597", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One-to-One Fulfillment", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Call Phone Number Page). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2598.json b/2020/2xxx/CVE-2020-2598.json index b15e7838cd9..13eda422ce0 100644 --- a/2020/2xxx/CVE-2020-2598.json +++ b/2020/2xxx/CVE-2020-2598.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2598", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Activity Guide). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2599.json b/2020/2xxx/CVE-2020-2599.json index 7cccf7bb33d..164f7e68075 100644 --- a/2020/2xxx/CVE-2020-2599.json +++ b/2020/2xxx/CVE-2020-2599.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2599", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Cruise Materials Management", + "version": { + "version_data": [ + { + "version_value": "7.30.567", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Hospitality Cruise Materials Management product of Oracle Hospitality Applications (component: MMS All). The supported version that is affected is 7.30.567. Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows physical access to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Materials Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2600.json b/2020/2xxx/CVE-2020-2600.json index 2b63f3f7849..a3e8de7839c 100644 --- a/2020/2xxx/CVE-2020-2600.json +++ b/2020/2xxx/CVE-2020-2600.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2600", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2601.json b/2020/2xxx/CVE-2020-2601.json index e39bacce309..1604e9f444b 100644 --- a/2020/2xxx/CVE-2020-2601.json +++ b/2020/2xxx/CVE-2020-2601.json @@ -1,17 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2601", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 6.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Kerberos to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2602.json b/2020/2xxx/CVE-2020-2602.json index e7328e179db..ea27825b733 100644 --- a/2020/2xxx/CVE-2020-2602.json +++ b/2020/2xxx/CVE-2020-2602.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2602", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Tree Manager). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2603.json b/2020/2xxx/CVE-2020-2603.json index f1e2ea53918..3c86e390995 100644 --- a/2020/2xxx/CVE-2020-2603.json +++ b/2020/2xxx/CVE-2020-2603.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2603", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Field Service", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Field Service product of Oracle E-Business Suite (component: Wireless). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Field Service accessible data as well as unauthorized read access to a subset of Oracle Field Service accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2604.json b/2020/2xxx/CVE-2020-2604.json index f8c823421a9..a9e4795635e 100644 --- a/2020/2xxx/CVE-2020-2604.json +++ b/2020/2xxx/CVE-2020-2604.json @@ -1,17 +1,91 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2604", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS v3.0 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2605.json b/2020/2xxx/CVE-2020-2605.json index 6211b1e27a4..877bcc7bf76 100644 --- a/2020/2xxx/CVE-2020-2605.json +++ b/2020/2xxx/CVE-2020-2605.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2605", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2606.json b/2020/2xxx/CVE-2020-2606.json index 5575cbb2de5..bf9d5b40f17 100644 --- a/2020/2xxx/CVE-2020-2606.json +++ b/2020/2xxx/CVE-2020-2606.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2606", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2607.json b/2020/2xxx/CVE-2020-2607.json index 0635c5ffc16..c5dcadcf98d 100644 --- a/2020/2xxx/CVE-2020-2607.json +++ b/2020/2xxx/CVE-2020-2607.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2607", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2608.json b/2020/2xxx/CVE-2020-2608.json index 2650ffb1bdf..87d7ecb8073 100644 --- a/2020/2xxx/CVE-2020-2608.json +++ b/2020/2xxx/CVE-2020-2608.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2608", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Repository). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2609.json b/2020/2xxx/CVE-2020-2609.json index 3d0262850c8..2971e1fc080 100644 --- a/2020/2xxx/CVE-2020-2609.json +++ b/2020/2xxx/CVE-2020-2609.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2609", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2610.json b/2020/2xxx/CVE-2020-2610.json index f6962ac02e8..3248baa9bb9 100644 --- a/2020/2xxx/CVE-2020-2610.json +++ b/2020/2xxx/CVE-2020-2610.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2610", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2611.json b/2020/2xxx/CVE-2020-2611.json index 7a1e72dd085..81ebe9f4940 100644 --- a/2020/2xxx/CVE-2020-2611.json +++ b/2020/2xxx/CVE-2020-2611.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2611", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2612.json b/2020/2xxx/CVE-2020-2612.json index c9294fd18be..648f97a812d 100644 --- a/2020/2xxx/CVE-2020-2612.json +++ b/2020/2xxx/CVE-2020-2612.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2613.json b/2020/2xxx/CVE-2020-2613.json index c7647d89f90..a9c2a833f7f 100644 --- a/2020/2xxx/CVE-2020-2613.json +++ b/2020/2xxx/CVE-2020-2613.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Global EM Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2614.json b/2020/2xxx/CVE-2020-2614.json index 9fdbce9d233..2f6a1f12a85 100644 --- a/2020/2xxx/CVE-2020-2614.json +++ b/2020/2xxx/CVE-2020-2614.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2614", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "APM - Application Performance Management", + "version": { + "version_data": [ + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager for Fusion Middleware product of Oracle Enterprise Manager (component: APM Mesh). Supported versions that are affected are 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Fusion Middleware accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Fusion Middleware accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Fusion Middleware." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2615.json b/2020/2xxx/CVE-2020-2615.json index a3a1bdce2ca..3e7205b1d89 100644 --- a/2020/2xxx/CVE-2020-2615.json +++ b/2020/2xxx/CVE-2020-2615.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2615", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2616.json b/2020/2xxx/CVE-2020-2616.json index 8dfeb5a57f3..f30987f53b9 100644 --- a/2020/2xxx/CVE-2020-2616.json +++ b/2020/2xxx/CVE-2020-2616.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2616", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Manager Repository). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2617.json b/2020/2xxx/CVE-2020-2617.json index 31931734fe9..8d6f3168f06 100644 --- a/2020/2xxx/CVE-2020-2617.json +++ b/2020/2xxx/CVE-2020-2617.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2617", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2618.json b/2020/2xxx/CVE-2020-2618.json index d9fdd178adf..04f6fac44aa 100644 --- a/2020/2xxx/CVE-2020-2618.json +++ b/2020/2xxx/CVE-2020-2618.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2618", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2619.json b/2020/2xxx/CVE-2020-2619.json index 22893c1cf3e..634103bd779 100644 --- a/2020/2xxx/CVE-2020-2619.json +++ b/2020/2xxx/CVE-2020-2619.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2619", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2620.json b/2020/2xxx/CVE-2020-2620.json index 101a708e896..9162c754ec8 100644 --- a/2020/2xxx/CVE-2020-2620.json +++ b/2020/2xxx/CVE-2020-2620.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2620", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2621.json b/2020/2xxx/CVE-2020-2621.json index 36847b0df9b..9abdb5cc057 100644 --- a/2020/2xxx/CVE-2020-2621.json +++ b/2020/2xxx/CVE-2020-2621.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2621", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2622.json b/2020/2xxx/CVE-2020-2622.json index 7b06c4fa460..9df1cf01ebc 100644 --- a/2020/2xxx/CVE-2020-2622.json +++ b/2020/2xxx/CVE-2020-2622.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2622", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2623.json b/2020/2xxx/CVE-2020-2623.json index 8663ca3e972..88694f1eae6 100644 --- a/2020/2xxx/CVE-2020-2623.json +++ b/2020/2xxx/CVE-2020-2623.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2623", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metrics Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2624.json b/2020/2xxx/CVE-2020-2624.json index 3168d8aa2bd..bb86411f2d9 100644 --- a/2020/2xxx/CVE-2020-2624.json +++ b/2020/2xxx/CVE-2020-2624.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2624", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2625.json b/2020/2xxx/CVE-2020-2625.json index 89f2dc88b1f..437799b0d97 100644 --- a/2020/2xxx/CVE-2020-2625.json +++ b/2020/2xxx/CVE-2020-2625.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2625", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2626.json b/2020/2xxx/CVE-2020-2626.json index b95b7931f32..99d09edaaaf 100644 --- a/2020/2xxx/CVE-2020-2626.json +++ b/2020/2xxx/CVE-2020-2626.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2626", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Cloud Control Manager - OMS). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2627.json b/2020/2xxx/CVE-2020-2627.json index b65299cdb1f..fc5e7cb58be 100644 --- a/2020/2xxx/CVE-2020-2627.json +++ b/2020/2xxx/CVE-2020-2627.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2627", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2628.json b/2020/2xxx/CVE-2020-2628.json index f3c24551a42..8484a6f3cc7 100644 --- a/2020/2xxx/CVE-2020-2628.json +++ b/2020/2xxx/CVE-2020-2628.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2628", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2629.json b/2020/2xxx/CVE-2020-2629.json index c656c0dba7b..b2eb3fc1615 100644 --- a/2020/2xxx/CVE-2020-2629.json +++ b/2020/2xxx/CVE-2020-2629.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2629", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2630.json b/2020/2xxx/CVE-2020-2630.json index 1622032de64..f6a2e2c5bf3 100644 --- a/2020/2xxx/CVE-2020-2630.json +++ b/2020/2xxx/CVE-2020-2630.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2630", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Extensibility Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2631.json b/2020/2xxx/CVE-2020-2631.json index c48139b38d1..dc0ef918189 100644 --- a/2020/2xxx/CVE-2020-2631.json +++ b/2020/2xxx/CVE-2020-2631.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2631", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2632.json b/2020/2xxx/CVE-2020-2632.json index 564e2cfaa0c..38bb2b72f59 100644 --- a/2020/2xxx/CVE-2020-2632.json +++ b/2020/2xxx/CVE-2020-2632.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2632", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2633.json b/2020/2xxx/CVE-2020-2633.json index 365dd79ac24..18cde616211 100644 --- a/2020/2xxx/CVE-2020-2633.json +++ b/2020/2xxx/CVE-2020-2633.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2633", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2634.json b/2020/2xxx/CVE-2020-2634.json index 1ce7c23d8ad..fb3f7ab5568 100644 --- a/2020/2xxx/CVE-2020-2634.json +++ b/2020/2xxx/CVE-2020-2634.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2634", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Configuration Standard Framewk). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2635.json b/2020/2xxx/CVE-2020-2635.json index 02fcd3d2451..b78ed3db116 100644 --- a/2020/2xxx/CVE-2020-2635.json +++ b/2020/2xxx/CVE-2020-2635.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2635", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: System Monitoring). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2636.json b/2020/2xxx/CVE-2020-2636.json index e715df34c74..b94f8784d92 100644 --- a/2020/2xxx/CVE-2020-2636.json +++ b/2020/2xxx/CVE-2020-2636.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2636", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Application Service Level Mgmt). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2637.json b/2020/2xxx/CVE-2020-2637.json index dfbdefcd2f0..a43f29ab6ff 100644 --- a/2020/2xxx/CVE-2020-2637.json +++ b/2020/2xxx/CVE-2020-2637.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2637", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager for Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Change Manager - web based). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2638.json b/2020/2xxx/CVE-2020-2638.json index 22fbf10cdc2..bb1066a3ff1 100644 --- a/2020/2xxx/CVE-2020-2638.json +++ b/2020/2xxx/CVE-2020-2638.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2638", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2639.json b/2020/2xxx/CVE-2020-2639.json index 98d484c503b..edc961eb49b 100644 --- a/2020/2xxx/CVE-2020-2639.json +++ b/2020/2xxx/CVE-2020-2639.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2639", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2640.json b/2020/2xxx/CVE-2020-2640.json index 4cd0339ad4c..d16a1f82b2c 100644 --- a/2020/2xxx/CVE-2020-2640.json +++ b/2020/2xxx/CVE-2020-2640.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2640", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2641.json b/2020/2xxx/CVE-2020-2641.json index 7dee8f67e64..b1db6e66ed5 100644 --- a/2020/2xxx/CVE-2020-2641.json +++ b/2020/2xxx/CVE-2020-2641.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2641", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager for Oracle Database product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager for Oracle Database. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager for Oracle Database accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager for Oracle Database accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager for Oracle Database." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2642.json b/2020/2xxx/CVE-2020-2642.json index e67d2178888..d7f0da8fc6c 100644 --- a/2020/2xxx/CVE-2020-2642.json +++ b/2020/2xxx/CVE-2020-2642.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2643.json b/2020/2xxx/CVE-2020-2643.json index 7da989cd668..a322acc7e5c 100644 --- a/2020/2xxx/CVE-2020-2643.json +++ b/2020/2xxx/CVE-2020-2643.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Job System). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2644.json b/2020/2xxx/CVE-2020-2644.json index 3ee871cc374..d6bf7614fb2 100644 --- a/2020/2xxx/CVE-2020-2644.json +++ b/2020/2xxx/CVE-2020-2644.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2644", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2645.json b/2020/2xxx/CVE-2020-2645.json index 049c59e16d1..d2c977336c0 100644 --- a/2020/2xxx/CVE-2020-2645.json +++ b/2020/2xxx/CVE-2020-2645.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2645", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Connector Framework). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform. CVSS 3.0 Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Enterprise Manager Base Platform." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2646.json b/2020/2xxx/CVE-2020-2646.json index 7065b5ecdbf..c59636e8248 100644 --- a/2020/2xxx/CVE-2020-2646.json +++ b/2020/2xxx/CVE-2020-2646.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2646", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enterprise Manager Base Platform", + "version": { + "version_data": [ + { + "version_value": "12.1.0.5", + "version_affected": "=" + }, + { + "version_value": "13.2.0.0", + "version_affected": "=" + }, + { + "version_value": "13.3.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Command Line Interface). Supported versions that are affected are 12.1.0.5, 13.2.0.0 and 13.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Enterprise Manager Base Platform, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data as well as unauthorized read access to a subset of Enterprise Manager Base Platform accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2647.json b/2020/2xxx/CVE-2020-2647.json index 4647d6058ec..70ef9d01e74 100644 --- a/2020/2xxx/CVE-2020-2647.json +++ b/2020/2xxx/CVE-2020-2647.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2647", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + }, + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2648.json b/2020/2xxx/CVE-2020-2648.json index ab5e07baba9..a086d88e1a7 100644 --- a/2020/2xxx/CVE-2020-2648.json +++ b/2020/2xxx/CVE-2020-2648.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2648", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation. CVSS 3.0 Base Score 6.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in takeover of Oracle Retail Customer Management and Segmentation Foundation." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2649.json b/2020/2xxx/CVE-2020-2649.json index e5335abb486..4e747362b50 100644 --- a/2020/2xxx/CVE-2020-2649.json +++ b/2020/2xxx/CVE-2020-2649.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Internal Operations). The supported version that is affected is 16.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Retail Customer Management and Segmentation Foundation executes to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2650.json b/2020/2xxx/CVE-2020-2650.json index 175debdb0b3..2f7f228e358 100644 --- a/2020/2xxx/CVE-2020-2650.json +++ b/2020/2xxx/CVE-2020-2650.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Retail Customer Management and Segmentation Foundation", + "version": { + "version_data": [ + { + "version_value": "16.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Retail Customer Management and Segmentation Foundation. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Retail Customer Management and Segmentation Foundation accessible data as well as unauthorized read access to a subset of Oracle Retail Customer Management and Segmentation Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2651.json b/2020/2xxx/CVE-2020-2651.json index 21904f0799a..06c47116fe4 100644 --- a/2020/2xxx/CVE-2020-2651.json +++ b/2020/2xxx/CVE-2020-2651.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2652.json b/2020/2xxx/CVE-2020-2652.json index 6004533885b..731dc41982c 100644 --- a/2020/2xxx/CVE-2020-2652.json +++ b/2020/2xxx/CVE-2020-2652.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2652", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2653.json b/2020/2xxx/CVE-2020-2653.json index 0074d6706bb..47df3b84d81 100644 --- a/2020/2xxx/CVE-2020-2653.json +++ b/2020/2xxx/CVE-2020-2653.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2653", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle CRM Technical Foundation accessible data as well as unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2654.json b/2020/2xxx/CVE-2020-2654.json index b488036e190..114770637a9 100644 --- a/2020/2xxx/CVE-2020-2654.json +++ b/2020/2xxx/CVE-2020-2654.json @@ -1,17 +1,102 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2654", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231, 11.0.5, 13.0.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2655.json b/2020/2xxx/CVE-2020-2655.json index e09043f1c82..9a54a333c1f 100644 --- a/2020/2xxx/CVE-2020-2655.json +++ b/2020/2xxx/CVE-2020-2655.json @@ -1,17 +1,92 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2655", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 11.0.5, 13.0.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0128", + "url": "https://access.redhat.com/errata/RHSA-2020:0128" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0122", + "url": "https://access.redhat.com/errata/RHSA-2020:0122" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4605", + "url": "https://www.debian.org/security/2020/dsa-4605" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4605-1] openjdk-11 security update", + "url": "https://seclists.org/bugtraq/2020/Jan/24" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0113", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00050.html" } ] } diff --git a/2020/2xxx/CVE-2020-2656.json b/2020/2xxx/CVE-2020-2656.json index ed4b4596442..e3ab24e9edb 100644 --- a/2020/2xxx/CVE-2020-2656.json +++ b/2020/2xxx/CVE-2020-2656.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2656", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + }, + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock", + "url": "https://seclists.org/bugtraq/2020/Jan/23" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html", + "url": "http://packetstormsecurity.com/files/155990/Solaris-xlock-Information-Disclosure.html" + }, + { + "refsource": "FULLDISC", + "name": "20200117 CVE-2020-2656 - Low impact information disclosure via Solaris xlock", + "url": "http://seclists.org/fulldisclosure/2020/Jan/23" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200120 CVE-2020-2656, CVE-2020-2696 - Multiple vulnerabilities in Oracle Solaris", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/2" } ] } diff --git a/2020/2xxx/CVE-2020-2657.json b/2020/2xxx/CVE-2020-2657.json index b90ea9a7156..63bc5682d81 100644 --- a/2020/2xxx/CVE-2020-2657.json +++ b/2020/2xxx/CVE-2020-2657.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2657", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CRM Technical Foundation", + "version": { + "version_data": [ + { + "version_value": "12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle CRM Technical Foundation, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2658.json b/2020/2xxx/CVE-2020-2658.json index 20ee8781c72..964a8c1a64e 100644 --- a/2020/2xxx/CVE-2020-2658.json +++ b/2020/2xxx/CVE-2020-2658.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2658", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2659.json b/2020/2xxx/CVE-2020-2659.json index 24c2cce17f9..18e6915a268 100644 --- a/2020/2xxx/CVE-2020-2659.json +++ b/2020/2xxx/CVE-2020-2659.json @@ -1,17 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2659", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java", + "version": { + "version_data": [ + { + "version_value": "Java SE: 7u241, 8u231", + "version_affected": "=" + }, + { + "version_value": "Java SE Embedded: 8u231", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u241 and 8u231; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0157", + "url": "https://access.redhat.com/errata/RHSA-2020:0157" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0196", + "url": "https://access.redhat.com/errata/RHSA-2020:0196" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0003/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0003/" } ] } diff --git a/2020/2xxx/CVE-2020-2660.json b/2020/2xxx/CVE-2020-2660.json index 87586156ba1..79636260ecb 100644 --- a/2020/2xxx/CVE-2020-2660.json +++ b/2020/2xxx/CVE-2020-2660.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2660", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.7.28 and prior", + "version_affected": "=" + }, + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2661.json b/2020/2xxx/CVE-2020-2661.json index d861406d731..c32fab0afc1 100644 --- a/2020/2xxx/CVE-2020-2661.json +++ b/2020/2xxx/CVE-2020-2661.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2661", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2662.json b/2020/2xxx/CVE-2020-2662.json index db7f626b78b..993014b7443 100644 --- a/2020/2xxx/CVE-2020-2662.json +++ b/2020/2xxx/CVE-2020-2662.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2663.json b/2020/2xxx/CVE-2020-2663.json index 005e0334da2..d8ea14da8dd 100644 --- a/2020/2xxx/CVE-2020-2663.json +++ b/2020/2xxx/CVE-2020-2663.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2664.json b/2020/2xxx/CVE-2020-2664.json index 52b9f211e65..7507406c316 100644 --- a/2020/2xxx/CVE-2020-2664.json +++ b/2020/2xxx/CVE-2020-2664.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.0 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2665.json b/2020/2xxx/CVE-2020-2665.json index f6de7346bfb..b9e4c5a7df4 100644 --- a/2020/2xxx/CVE-2020-2665.json +++ b/2020/2xxx/CVE-2020-2665.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iSupport accessible data as well as unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2666.json b/2020/2xxx/CVE-2020-2666.json index f5993d59556..84ae4e1a0c9 100644 --- a/2020/2xxx/CVE-2020-2666.json +++ b/2020/2xxx/CVE-2020-2666.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Applications Framework", + "version": { + "version_data": [ + { + "version_value": "12.2.5-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). Supported versions that are affected are 12.2.5-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.0 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2667.json b/2020/2xxx/CVE-2020-2667.json index e40021500b7..5c603c96007 100644 --- a/2020/2xxx/CVE-2020-2667.json +++ b/2020/2xxx/CVE-2020-2667.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2667", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2668.json b/2020/2xxx/CVE-2020-2668.json index c1a2127a794..04ff8fb8941 100644 --- a/2020/2xxx/CVE-2020-2668.json +++ b/2020/2xxx/CVE-2020-2668.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iSupport", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2669.json b/2020/2xxx/CVE-2020-2669.json index 37e424a7493..de9d5de3de7 100644 --- a/2020/2xxx/CVE-2020-2669.json +++ b/2020/2xxx/CVE-2020-2669.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2670.json b/2020/2xxx/CVE-2020-2670.json index 24fc0e4deb1..52fa8fecafa 100644 --- a/2020/2xxx/CVE-2020-2670.json +++ b/2020/2xxx/CVE-2020-2670.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2671.json b/2020/2xxx/CVE-2020-2671.json index 6575e0f9d9f..e683a241369 100644 --- a/2020/2xxx/CVE-2020-2671.json +++ b/2020/2xxx/CVE-2020-2671.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2672.json b/2020/2xxx/CVE-2020-2672.json index 7fdc93868f7..a209425dd0a 100644 --- a/2020/2xxx/CVE-2020-2672.json +++ b/2020/2xxx/CVE-2020-2672.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Email Center", + "version": { + "version_data": [ + { + "version_value": "12.1.1-12.1.3", + "version_affected": "=" + }, + { + "version_value": "12.2.3-12.2.9", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Email Center accessible data as well as unauthorized update, insert or delete access to some of Oracle Email Center accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2673.json b/2020/2xxx/CVE-2020-2673.json index cf95d360da0..16d661ccb44 100644 --- a/2020/2xxx/CVE-2020-2673.json +++ b/2020/2xxx/CVE-2020-2673.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Application Testing Suite", + "version": { + "version_data": [ + { + "version_value": "12.5.0.3", + "version_affected": "=" + }, + { + "version_value": "13.1.0.1", + "version_affected": "=" + }, + { + "version_value": "13.2.0.1", + "version_affected": "=" + }, + { + "version_value": "13.3.0.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager (component: Oracle Flow Builder). Supported versions that are affected are 12.5.0.3, 13.1.0.1, 13.2.0.1 and 13.3.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Testing Suite accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2674.json b/2020/2xxx/CVE-2020-2674.json index 1b3e735e822..d57ee15a155 100644 --- a/2020/2xxx/CVE-2020-2674.json +++ b/2020/2xxx/CVE-2020-2674.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2674", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2675.json b/2020/2xxx/CVE-2020-2675.json index c161a4c556e..300305e6fdb 100644 --- a/2020/2xxx/CVE-2020-2675.json +++ b/2020/2xxx/CVE-2020-2675.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2675", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). The supported version that is affected is 5.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2676.json b/2020/2xxx/CVE-2020-2676.json index dc0fce98f2b..f3ed7e397ec 100644 --- a/2020/2xxx/CVE-2020-2676.json +++ b/2020/2xxx/CVE-2020-2676.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2676", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Printing). The supported version that is affected is 5.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality OPERA 5, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 accessible data as well as unauthorized read access to a subset of Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2677.json b/2020/2xxx/CVE-2020-2677.json index aca9420fde7..f39121a9d00 100644 --- a/2020/2xxx/CVE-2020-2677.json +++ b/2020/2xxx/CVE-2020-2677.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2677", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality OPERA 5 Property Services", + "version": { + "version_data": [ + { + "version_value": "5.5", + "version_affected": "=" + }, + { + "version_value": "5.6", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Login). Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data. CVSS 3.0 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2678.json b/2020/2xxx/CVE-2020-2678.json index 4e588dd80a1..d706d978fa8 100644 --- a/2020/2xxx/CVE-2020-2678.json +++ b/2020/2xxx/CVE-2020-2678.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2678", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2679.json b/2020/2xxx/CVE-2020-2679.json index d07dd02b4ac..cf4a49927d0 100644 --- a/2020/2xxx/CVE-2020-2679.json +++ b/2020/2xxx/CVE-2020-2679.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2679", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2680.json b/2020/2xxx/CVE-2020-2680.json index 9a773a32db7..169bcf01d18 100644 --- a/2020/2xxx/CVE-2020-2680.json +++ b/2020/2xxx/CVE-2020-2680.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2680", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "11", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.0 Base Score 6.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2681.json b/2020/2xxx/CVE-2020-2681.json index ce6240e364b..569c6a27866 100644 --- a/2020/2xxx/CVE-2020-2681.json +++ b/2020/2xxx/CVE-2020-2681.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2681", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2682.json b/2020/2xxx/CVE-2020-2682.json index 679aea94f7f..1e11e707841 100644 --- a/2020/2xxx/CVE-2020-2682.json +++ b/2020/2xxx/CVE-2020-2682.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2682", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2683.json b/2020/2xxx/CVE-2020-2683.json index fd4a3ec2b56..105591ab7c9 100644 --- a/2020/2xxx/CVE-2020-2683.json +++ b/2020/2xxx/CVE-2020-2683.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2683", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2684.json b/2020/2xxx/CVE-2020-2684.json index 41bfcf31b97..a16d72ab10b 100644 --- a/2020/2xxx/CVE-2020-2684.json +++ b/2020/2xxx/CVE-2020-2684.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2684", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2685.json b/2020/2xxx/CVE-2020-2685.json index b6ebfec4a5d..1d94b8e60df 100644 --- a/2020/2xxx/CVE-2020-2685.json +++ b/2020/2xxx/CVE-2020-2685.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2685", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2686.json b/2020/2xxx/CVE-2020-2686.json index 97f0bb481a8..2003602606e 100644 --- a/2020/2xxx/CVE-2020-2686.json +++ b/2020/2xxx/CVE-2020-2686.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2686", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2687.json b/2020/2xxx/CVE-2020-2687.json index 254c78b19e7..c7c47bbb24e 100644 --- a/2020/2xxx/CVE-2020-2687.json +++ b/2020/2xxx/CVE-2020-2687.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2687", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.56", + "version_affected": "=" + }, + { + "version_value": "8.57", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search). Supported versions that are affected are 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2688.json b/2020/2xxx/CVE-2020-2688.json index 73c6944b708..13389f92c45 100644 --- a/2020/2xxx/CVE-2020-2688.json +++ b/2020/2xxx/CVE-2020-2688.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2688", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Analytical Applications Infrastructure", + "version": { + "version_data": [ + { + "version_value": "8.0.4-8.0.8", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Object Migration). Supported versions that are affected are 8.0.4-8.0.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2689.json b/2020/2xxx/CVE-2020-2689.json index eb23e7880c0..db7abc2f7b5 100644 --- a/2020/2xxx/CVE-2020-2689.json +++ b/2020/2xxx/CVE-2020-2689.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2689", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2690.json b/2020/2xxx/CVE-2020-2690.json index a71d83d00ad..1a2932c0b16 100644 --- a/2020/2xxx/CVE-2020-2690.json +++ b/2020/2xxx/CVE-2020-2690.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2690", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2691.json b/2020/2xxx/CVE-2020-2691.json index 29a43c96def..c7103bf3a3d 100644 --- a/2020/2xxx/CVE-2020-2691.json +++ b/2020/2xxx/CVE-2020-2691.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2692.json b/2020/2xxx/CVE-2020-2692.json index c097dd0a5a3..96cd86eb09c 100644 --- a/2020/2xxx/CVE-2020-2692.json +++ b/2020/2xxx/CVE-2020-2692.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2692", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2693.json b/2020/2xxx/CVE-2020-2693.json index a836731e7b9..66be4ff5850 100644 --- a/2020/2xxx/CVE-2020-2693.json +++ b/2020/2xxx/CVE-2020-2693.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2693", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2694.json b/2020/2xxx/CVE-2020-2694.json index f1f4c533f23..23f753eae7b 100644 --- a/2020/2xxx/CVE-2020-2694.json +++ b/2020/2xxx/CVE-2020-2694.json @@ -1,17 +1,67 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "8.0.18 and prior", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.18 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200122-0002/", + "url": "https://security.netapp.com/advisory/ntap-20200122-0002/" } ] } diff --git a/2020/2xxx/CVE-2020-2695.json b/2020/2xxx/CVE-2020-2695.json index f1b327ccca1..77e37b2c676 100644 --- a/2020/2xxx/CVE-2020-2695.json +++ b/2020/2xxx/CVE-2020-2695.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise CC Common Application Objects", + "version": { + "version_data": [ + { + "version_value": "9.1", + "version_affected": "=" + }, + { + "version_value": "9.2", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Approval Framework). Supported versions that are affected are 9.1 and 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2696.json b/2020/2xxx/CVE-2020-2696.json index 7949adc47b0..0bb050bb23a 100644 --- a/2020/2xxx/CVE-2020-2696.json +++ b/2020/2xxx/CVE-2020-2696.json @@ -1,17 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Solaris Operating System", + "version": { + "version_data": [ + { + "version_value": "10", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155963/SunOS-5.10-Generic_147148-26-Local-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/155963/SunOS-5.10-Generic_147148-26-Local-Privilege-Escalation.html" + }, + { + "refsource": "BUGTRAQ", + "name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession", + "url": "https://seclists.org/bugtraq/2020/Jan/22" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html", + "url": "http://packetstormsecurity.com/files/155991/Common-Desktop-Environment-2.3.1-Buffer-Overflow.html" + }, + { + "refsource": "FULLDISC", + "name": "20200117 CVE-2020-2696 - Local privilege escalation via CDE dtsession", + "url": "http://seclists.org/fulldisclosure/2020/Jan/24" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200120 CVE-2020-2656, CVE-2020-2696 - Multiple vulnerabilities in Oracle Solaris", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/2" } ] } diff --git a/2020/2xxx/CVE-2020-2697.json b/2020/2xxx/CVE-2020-2697.json index 018b74aea3a..3c060065a2e 100644 --- a/2020/2xxx/CVE-2020-2697.json +++ b/2020/2xxx/CVE-2020-2697.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Hospitality Suites Management", + "version": { + "version_data": [ + { + "version_value": "3.7", + "version_affected": "=" + }, + { + "version_value": "3.8", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Hospitality Suites Management component of Oracle Food and Beverage Applications. Supported versions that are affected are 3.7 and 3.8. Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data. CVSS 3.0 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows physical access to compromise Oracle Hospitality Suites Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suites Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suites Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2698.json b/2020/2xxx/CVE-2020-2698.json index 090e675bd9f..f9f66698448 100644 --- a/2020/2xxx/CVE-2020-2698.json +++ b/2020/2xxx/CVE-2020-2698.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2699.json b/2020/2xxx/CVE-2020-2699.json index 177944f6fd5..af5bf9a8761 100644 --- a/2020/2xxx/CVE-2020-2699.json +++ b/2020/2xxx/CVE-2020-2699.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2700.json b/2020/2xxx/CVE-2020-2700.json index b32b5feb6c3..b6e8a8b4660 100644 --- a/2020/2xxx/CVE-2020-2700.json +++ b/2020/2xxx/CVE-2020-2700.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Universal Banking", + "version": { + "version_data": [ + { + "version_value": "12.0.1-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.0.1-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2701.json b/2020/2xxx/CVE-2020-2701.json index 4322958dc97..f9aab36e1d4 100644 --- a/2020/2xxx/CVE-2020-2701.json +++ b/2020/2xxx/CVE-2020-2701.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2702.json b/2020/2xxx/CVE-2020-2702.json index 92dcf28a0e0..1b3a025a098 100644 --- a/2020/2xxx/CVE-2020-2702.json +++ b/2020/2xxx/CVE-2020-2702.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2702", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2703.json b/2020/2xxx/CVE-2020-2703.json index f5a74e2845f..998ffad64b8 100644 --- a/2020/2xxx/CVE-2020-2703.json +++ b/2020/2xxx/CVE-2020-2703.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36 and prior to 6.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2704.json b/2020/2xxx/CVE-2020-2704.json index de2b69333e6..29662163ced 100644 --- a/2020/2xxx/CVE-2020-2704.json +++ b/2020/2xxx/CVE-2020-2704.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2705.json b/2020/2xxx/CVE-2020-2705.json index 7ad52e2bdf1..79b27dc4e66 100644 --- a/2020/2xxx/CVE-2020-2705.json +++ b/2020/2xxx/CVE-2020-2705.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2707.json b/2020/2xxx/CVE-2020-2707.json index a8e60a53240..3fc8099060b 100644 --- a/2020/2xxx/CVE-2020-2707.json +++ b/2020/2xxx/CVE-2020-2707.json @@ -1,17 +1,78 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Primavera P6 Enterprise Project Portfolio Management", + "version": { + "version_data": [ + { + "version_value": "15.1.0.0-15.2.18.7", + "version_affected": "=" + }, + { + "version_value": "16.1.0.0-16.2.19.0", + "version_affected": "=" + }, + { + "version_value": "17.1.0.0-17.12.16.0", + "version_affected": "=" + }, + { + "version_value": "18.1.0.0-18.8.16.0", + "version_affected": "=" + }, + { + "version_value": "19.12.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: WebAccess). Supported versions that are affected are 15.1.0.0-15.2.18.7, 16.1.0.0-16.2.19.0, 17.1.0.0-17.12.16.0, 18.1.0.0-18.8.16.0 and 19.12.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2709.json b/2020/2xxx/CVE-2020-2709.json index a6d28bdde6b..5490967d372 100644 --- a/2020/2xxx/CVE-2020-2709.json +++ b/2020/2xxx/CVE-2020-2709.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "iLearning", + "version": { + "version_data": [ + { + "version_value": "6.1", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Learner Pages). The supported version that is affected is 6.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iLearning accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2710.json b/2020/2xxx/CVE-2020-2710.json index 2df55063f4d..5a90ecbdf0f 100644 --- a/2020/2xxx/CVE-2020-2710.json +++ b/2020/2xxx/CVE-2020-2710.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2711.json b/2020/2xxx/CVE-2020-2711.json index 90803be483d..385eb2749d8 100644 --- a/2020/2xxx/CVE-2020-2711.json +++ b/2020/2xxx/CVE-2020-2711.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2712.json b/2020/2xxx/CVE-2020-2712.json index 38e3a0a0cd0..119d492372e 100644 --- a/2020/2xxx/CVE-2020-2712.json +++ b/2020/2xxx/CVE-2020-2712.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2713.json b/2020/2xxx/CVE-2020-2713.json index 5b89a9c8dfe..c895332df34 100644 --- a/2020/2xxx/CVE-2020-2713.json +++ b/2020/2xxx/CVE-2020-2713.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Payments accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2714.json b/2020/2xxx/CVE-2020-2714.json index d42f4697cc3..7d5f38d1482 100644 --- a/2020/2xxx/CVE-2020-2714.json +++ b/2020/2xxx/CVE-2020-2714.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Payments", + "version": { + "version_data": [ + { + "version_value": "14.1.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 14.1.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Payments accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2715.json b/2020/2xxx/CVE-2020-2715.json index 6221fbf666f..70eabb994df 100644 --- a/2020/2xxx/CVE-2020-2715.json +++ b/2020/2xxx/CVE-2020-2715.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2716.json b/2020/2xxx/CVE-2020-2716.json index 58bf2a5b0b8..5e7db22f8f2 100644 --- a/2020/2xxx/CVE-2020-2716.json +++ b/2020/2xxx/CVE-2020-2716.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2717.json b/2020/2xxx/CVE-2020-2717.json index 60a32207903..256bec0ba8b 100644 --- a/2020/2xxx/CVE-2020-2717.json +++ b/2020/2xxx/CVE-2020-2717.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2718.json b/2020/2xxx/CVE-2020-2718.json index fdf08f4fb88..53789a7a51f 100644 --- a/2020/2xxx/CVE-2020-2718.json +++ b/2020/2xxx/CVE-2020-2718.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2719.json b/2020/2xxx/CVE-2020-2719.json index 4b6066f9c6e..03d1c713658 100644 --- a/2020/2xxx/CVE-2020-2719.json +++ b/2020/2xxx/CVE-2020-2719.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Banking Corporate Lending", + "version": { + "version_data": [ + { + "version_value": "12.3.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core). Supported versions that are affected are 12.3.0-12.4.0 and 14.0.0-14.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2720.json b/2020/2xxx/CVE-2020-2720.json index 01f83799dd3..0408e56b61a 100644 --- a/2020/2xxx/CVE-2020-2720.json +++ b/2020/2xxx/CVE-2020-2720.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2721.json b/2020/2xxx/CVE-2020-2721.json index 5332e2d203e..3db59f88c77 100644 --- a/2020/2xxx/CVE-2020-2721.json +++ b/2020/2xxx/CVE-2020-2721.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2722.json b/2020/2xxx/CVE-2020-2722.json index d09cb4f912d..f98ef5a1455 100644 --- a/2020/2xxx/CVE-2020-2722.json +++ b/2020/2xxx/CVE-2020-2722.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2723.json b/2020/2xxx/CVE-2020-2723.json index aa1bcdc5be9..22ddb2d61d8 100644 --- a/2020/2xxx/CVE-2020-2723.json +++ b/2020/2xxx/CVE-2020-2723.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2724.json b/2020/2xxx/CVE-2020-2724.json index cb54c954b51..8d9e5f8e205 100644 --- a/2020/2xxx/CVE-2020-2724.json +++ b/2020/2xxx/CVE-2020-2724.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_value": "12.1.0-12.4.0", + "version_affected": "=" + }, + { + "version_value": "14.0.0-14.1.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.1.0-12.4.0 and 14.0.0-14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2725.json b/2020/2xxx/CVE-2020-2725.json index 6564f61fb8b..356c53b8be6 100644 --- a/2020/2xxx/CVE-2020-2725.json +++ b/2020/2xxx/CVE-2020-2725.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2726.json b/2020/2xxx/CVE-2020-2726.json index 2f13fbc2cdd..f11853beb01 100644 --- a/2020/2xxx/CVE-2020-2726.json +++ b/2020/2xxx/CVE-2020-2726.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2727.json b/2020/2xxx/CVE-2020-2727.json index 151c17c8dc8..0cfb16ce0fa 100644 --- a/2020/2xxx/CVE-2020-2727.json +++ b/2020/2xxx/CVE-2020-2727.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2727", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "VM VirtualBox", + "version": { + "version_data": [ + { + "version_value": "5.2.36", + "version_affected": "<" + }, + { + "version_value": "6.0.16", + "version_affected": "<" + }, + { + "version_value": "6.1.2", + "version_affected": "<" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2728.json b/2020/2xxx/CVE-2020-2728.json index b52017133de..fa9b8edf03a 100644 --- a/2020/2xxx/CVE-2020-2728.json +++ b/2020/2xxx/CVE-2020-2728.json @@ -1,17 +1,62 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: OIM - LDAP user and role Synch). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2729.json b/2020/2xxx/CVE-2020-2729.json index 47a7a076079..c78a4672824 100644 --- a/2020/2xxx/CVE-2020-2729.json +++ b/2020/2xxx/CVE-2020-2729.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Identity Manager", + "version": { + "version_data": [ + { + "version_value": "11.1.2.3.0", + "version_affected": "=" + }, + { + "version_value": "12.2.1.3.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: Advanced Console). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Identity Manager accessible data as well as unauthorized read access to a subset of Identity Manager accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2730.json b/2020/2xxx/CVE-2020-2730.json index 1801c27918f..33239f6f309 100644 --- a/2020/2xxx/CVE-2020-2730.json +++ b/2020/2xxx/CVE-2020-2730.json @@ -1,17 +1,70 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Financial Services Revenue Management and Billing", + "version": { + "version_data": [ + { + "version_value": "2.7.0.0", + "version_affected": "=" + }, + { + "version_value": "2.7.0.1", + "version_affected": "=" + }, + { + "version_value": "2.8.0.0", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: File Upload). Supported versions that are affected are 2.7.0.0, 2.7.0.1 and 2.8.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/2xxx/CVE-2020-2731.json b/2020/2xxx/CVE-2020-2731.json index a31ab3589fb..b7d933f06c7 100644 --- a/2020/2xxx/CVE-2020-2731.json +++ b/2020/2xxx/CVE-2020-2731.json @@ -1,17 +1,74 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", "ID": "CVE-2020-2731", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle Database", + "version": { + "version_data": [ + { + "version_value": "12.1.0.2", + "version_affected": "=" + }, + { + "version_value": "12.2.0.1", + "version_affected": "=" + }, + { + "version_value": "18c", + "version_affected": "=" + }, + { + "version_value": "19c", + "version_affected": "=" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS. CVSS 3.0 Base Score 3.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Core RDBMS executes to compromise Core RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Core RDBMS accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Core RDBMS." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.oracle.com/security-alerts/cpujan2020.html", + "refsource": "MISC", + "name": "https://www.oracle.com/security-alerts/cpujan2020.html" } ] } diff --git a/2020/3xxx/CVE-2020-3115.json b/2020/3xxx/CVE-2020-3115.json index 338a546f687..81b88078f92 100644 --- a/2020/3xxx/CVE-2020-3115.json +++ b/2020/3xxx/CVE-2020-3115.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2020-3115", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco SD-WAN Solution Local Privilege Escalation Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco SD-WAN Solution ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the CLI of the Cisco SD-WAN Solution vManage software could allow an authenticated, local attacker to elevate privileges to root-level privileges on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted file to the affected system. An exploit could allow the attacker to elevate privileges to root-level privileges." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "8.8", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco SD-WAN Solution Local Privilege Escalation Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sdwan-priv-esc" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-sdwan-priv-esc", + "defect": [ + [ + "CSCvr00305" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3121.json b/2020/3xxx/CVE-2020-3121.json index 06a768e0750..e2d05cfe64b 100644 --- a/2020/3xxx/CVE-2020-3121.json +++ b/2020/3xxx/CVE-2020-3121.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2020-3121", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco 550X Series Stackable Managed Switches ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link and access a specific page. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco Small Business Smart and Managed Switches Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-sbsms-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-sbsms-xss", + "defect": [ + [ + "CSCvs09313" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3129.json b/2020/3xxx/CVE-2020-3129.json index d8df5362061..c515e6fdaf5 100644 --- a/2020/3xxx/CVE-2020-3129.json +++ b/2020/3xxx/CVE-2020-3129.json @@ -1,18 +1,87 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2020-3129", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Unity Connection Stored Cross-Site Scripting Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unity Connection ", + "version": { + "version_data": [ + { + "affected": "<", + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by providing crafted data to a specific field within the interface. A successful exploit could allow the attacker to store an XSS attack within the interface. This stored XSS attack would then be executed on the system of any user viewing the attacker-supplied data element." } ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "4.8", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco Unity Connection Stored Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-uc-xss" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200122-uc-xss", + "defect": [ + [ + "CSCvq97490" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3131.json b/2020/3xxx/CVE-2020-3131.json index 4768420e95f..1aae17168f2 100644 --- a/2020/3xxx/CVE-2020-3131.json +++ b/2020/3xxx/CVE-2020-3131.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2020-3131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Teams ", + "version": { + "version_data": [ + { + "affected": "=", + "version_value": "3.0.13131" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the Cisco Webex Teams client for Windows could allow an authenticated, remote attacker to cause the client to crash, resulting in a denial of service (DoS) condition. The attacker needs a valid developer account to exploit this vulnerability. The vulnerability is due to insufficient input validation when processing received adaptive cards. The attacker could exploit this vulnerability by sending an adaptive card with malicious content to an existing user of the Cisco Webex Teams client for Windows. A successful exploit could allow the attacker to cause the targeted user's client to crash continuously. This vulnerability was introduced in Cisco Webex Teams client for Windows Release 3.0.13131." } ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-400" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco Webex Teams Adaptive Cards Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cards-dos-FWzNcXPq" + } + ] + }, + "source": { + "advisory": "cisco-sa-webex-cards-dos-FWzNcXPq", + "defect": [ + [ + "CSCvs25793" + ] + ], + "discovery": "INTERNAL" } -} \ No newline at end of file +} diff --git a/2020/3xxx/CVE-2020-3134.json b/2020/3xxx/CVE-2020-3134.json index b036f4b5548..30499dbb653 100644 --- a/2020/3xxx/CVE-2020-3134.json +++ b/2020/3xxx/CVE-2020-3134.json @@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2020-3134", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Email Security Appliance (ESA)", + "version": { + "version_data": [ + { + "version_value": "earlier than 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper validation of zip files. An attacker could exploit this vulnerability by sending an email message with a crafted zip-compressed attachment. A successful exploit could trigger a restart of the content-scanning process, causing a temporary DoS condition. This vulnerability affects Cisco AsyncOS Software for Cisco ESA releases earlier than 13.0." } ] + }, + "impact": { + "cvss": { + "baseScore": "6.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco Email Security Appliance Zip Decompression Engine Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-87mBkc8n" + } + ] + }, + "source": { + "advisory": "cisco-sa-esa-dos-87mBkc8n", + "defect": [ + [ + "CSCvq65126" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3136.json b/2020/3xxx/CVE-2020-3136.json index 5dcb3db3490..9fe9f9194ec 100644 --- a/2020/3xxx/CVE-2020-3136.json +++ b/2020/3xxx/CVE-2020-3136.json @@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2020-3136", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Jabber Guest Cross-Site Scripting Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Jabber Guest", + "version": { + "version_data": [ + { + "version_value": "before 11.1(3)" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the web-based management interface of Cisco Jabber Guest could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. This vulnerability affects Cisco Jabber Guest releases 11.1(2) and earlier." } ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco Jabber Guest Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-guest-xss-6urXhkqv" + } + ] + }, + "source": { + "advisory": "cisco-sa-jabber-guest-xss-6urXhkqv", + "defect": [ + [ + "CSCvr48419" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3139.json b/2020/3xxx/CVE-2020-3139.json index b03f7ff4bc4..589bf331fd8 100644 --- a/2020/3xxx/CVE-2020-3139.json +++ b/2020/3xxx/CVE-2020-3139.json @@ -1,18 +1,80 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-22T16:00:00-0800", "ID": "CVE-2020-3139", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Application Policy Infrastructure Controller (APIC)", + "version": { + "version_data": [ + { + "version_value": "prior to 4.2(3j)" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j)." } ] + }, + "impact": { + "cvss": { + "baseScore": "5.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200122 Cisco Application Policy Infrastructure Controller Out Of Band Management IP Tables Bypass Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL" + } + ] + }, + "source": { + "advisory": "cisco-sa-iptable-bypass-GxW88XjL", + "defect": [ + [ + "CSCvs10135" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3142.json b/2020/3xxx/CVE-2020-3142.json index 221cc828373..e5bb6023e02 100644 --- a/2020/3xxx/CVE-2020-3142.json +++ b/2020/3xxx/CVE-2020-3142.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2020-01-24T16:00:00-0800", "ID": "CVE-2020-3142", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Cisco", + "product": { + "product_data": [ + { + "product_name": "Cisco Webex Meetings", + "version": { + "version_data": [ + { + "version_value": "earlier than 39.11.5" + }, + { + "version_value": "earlier than 40.1.3" + } + ] + } + } + ] + } + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites could allow an unauthenticated, remote attendee to join a password-protected meeting without providing the meeting password. The connection attempt must initiate from a Webex mobile application for either iOS or Android. The vulnerability is due to unintended meeting information exposure in a specific meeting join flow for mobile applications. An unauthorized attendee could exploit this vulnerability by accessing a known meeting ID or meeting URL from the mobile device’s web browser. The browser will then request to launch the device’s Webex mobile application. A successful exploit could allow the unauthorized attendee to join the password-protected meeting. The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee. Cisco has applied updates that address this vulnerability and no user action is required. This vulnerability affects Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites releases earlier than 39.11.5 and 40.1.3." } ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20200124 Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200124-webex-unauthjoin" + } + ] + }, + "source": { + "advisory": "cisco-sa-20200124-webex-unauthjoin", + "defect": [ + [ + "CSCvs69110" + ] + ], + "discovery": "INTERNAL" } } \ No newline at end of file diff --git a/2020/3xxx/CVE-2020-3940.json b/2020/3xxx/CVE-2020-3940.json index 5d5f486a58a..1d3087d6520 100644 --- a/2020/3xxx/CVE-2020-3940.json +++ b/2020/3xxx/CVE-2020-3940.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3940", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "Workspace ONE SDK", + "version": { + "version_data": [ + { + "version_value": "Workspace ONE SDK for Android prior to 19.11.1 and Workspace ONE SDK for iOS (Objective-C) prior to 5.9.9.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Sensitive information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2020-0001.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability." } ] } diff --git a/2020/3xxx/CVE-2020-3941.json b/2020/3xxx/CVE-2020-3941.json index e74a8417199..8e6add8e52d 100644 --- a/2020/3xxx/CVE-2020-3941.json +++ b/2020/3xxx/CVE-2020-3941.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-3941", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@vmware.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "VMware", + "product": { + "product_data": [ + { + "product_name": "VMware Tools for Windows (VMware Tools)", + "version": { + "version_data": [ + { + "version_value": "VMware Tools for Windows 10.x.y" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "VMware Tools privilege escalation vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.vmware.com/security/advisories/VMSA-2020-0002.html", + "url": "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11." } ] } diff --git a/2020/5xxx/CVE-2020-5180.json b/2020/5xxx/CVE-2020-5180.json index eca86803063..f0d17dbbdd4 100644 --- a/2020/5xxx/CVE-2020-5180.json +++ b/2020/5xxx/CVE-2020-5180.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5180", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5180", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/", + "url": "https://www.sparklabs.com/blog/viscosity-for-mac-windows-version-1-8-4/" } ] } diff --git a/2020/5xxx/CVE-2020-5193.json b/2020/5xxx/CVE-2020-5193.json index 8125d87ea53..a34d70eb9dd 100644 --- a/2020/5xxx/CVE-2020-5193.json +++ b/2020/5xxx/CVE-2020-5193.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5193", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5193", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple reflected XSS vulnerabilities via the searchdata or Doctorspecialization parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/155929/Hospital-Management-System-4.0-Cross-Site-Scripting.html" } ] } diff --git a/2020/5xxx/CVE-2020-5194.json b/2020/5xxx/CVE-2020-5194.json index f4e5568659d..d39de8cc0e6 100644 --- a/2020/5xxx/CVE-2020-5194.json +++ b/2020/5xxx/CVE-2020-5194.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5194", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5194", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements", + "refsource": "MISC", + "name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements" + }, + { + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities", + "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities" } ] } diff --git a/2020/5xxx/CVE-2020-5195.json b/2020/5xxx/CVE-2020-5195.json index 98b86ad9f35..f12dfb2fc25 100644 --- a/2020/5xxx/CVE-2020-5195.json +++ b/2020/5xxx/CVE-2020-5195.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5195", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5195", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Reflected XSS through an IMG element in Cerberus FTP Server prior to versions 11.0.1 and 10.0.17 allows a remote attacker to execute arbitrary JavaScript or HTML via a crafted public folder URL. This occurs because of the folder_up.png IMG element not properly sanitizing user-inserted directory paths. The path modification must be done on a publicly shared folder for a remote attacker to insert arbitrary JavaScript or HTML. The vulnerability impacts anyone who clicks the malicious link crafted by the attacker." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements", + "refsource": "MISC", + "name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements" + }, + { + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities", + "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/", + "url": "https://www.cerberusftp.com/xss-vulnerability-in-public-shares-fixed-in-cerberus-ftp-server-version-11-0-1-and-10-0-17/" } ] } diff --git a/2020/5xxx/CVE-2020-5196.json b/2020/5xxx/CVE-2020-5196.json index 1790c84d960..48820c82913 100644 --- a/2020/5xxx/CVE-2020-5196.json +++ b/2020/5xxx/CVE-2020-5196.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5196", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5196", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10.0.18 allows an authenticated attacker to create files, display hidden files, list directories, and list files without the permission to zip and download (or unzip and upload) files. There are multiple ways to bypass certain permissions by utilizing the zip and unzip features. As a result, users without permission can see files, folders, and hidden files, and can create directories without permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements", + "refsource": "MISC", + "name": "https://support.cerberusftp.com/hc/en-us/community/topics/360000164199-Announcements" + }, + { + "refsource": "MISC", + "name": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities", + "url": "https://www.doyler.net/security-not-included/cerberus-ftp-vulnerabilities" + }, + { + "refsource": "MISC", + "name": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/", + "url": "https://www.cerberusftp.com/zip-unzip-permission-bypass-vulnerability-fixed-in-cerberus-ftp-server-versions-11-0-3-and-10-0-18/" } ] } diff --git a/2020/5xxx/CVE-2020-5197.json b/2020/5xxx/CVE-2020-5197.json index 0881b54025f..c70b3a80b47 100644 --- a/2020/5xxx/CVE-2020-5197.json +++ b/2020/5xxx/CVE-2020-5197.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5197", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5197", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/", + "url": "https://about.gitlab.com/releases/2020/01/02/security-release-gitlab-12-6-2-released/" } ] } diff --git a/2020/5xxx/CVE-2020-5202.json b/2020/5xxx/CVE-2020-5202.json index 661af045ba4..484bd9286c4 100644 --- a/2020/5xxx/CVE-2020-5202.json +++ b/2020/5xxx/CVE-2020-5202.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5202", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5202", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security-tracker.debian.org/tracker/CVE-2020-5202", + "refsource": "MISC", + "name": "https://security-tracker.debian.org/tracker/CVE-2020-5202" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/4" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/01/20/4", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/4" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak", + "url": "https://seclists.org/oss-sec/2020/q1/21" } ] } diff --git a/2020/5xxx/CVE-2020-5204.json b/2020/5xxx/CVE-2020-5204.json index e0206afe98a..c5583dff36e 100644 --- a/2020/5xxx/CVE-2020-5204.json +++ b/2020/5xxx/CVE-2020-5204.json @@ -78,6 +78,11 @@ "name": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd", "refsource": "MISC", "url": "https://github.com/troglobit/uftpd/commit/0fb2c031ce0ace07cc19cd2cb2143c4b5a63c9dd" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0069", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00034.html" } ] }, diff --git a/2020/5xxx/CVE-2020-5207.json b/2020/5xxx/CVE-2020-5207.json index 5ed93bb32ef..c31b68db0d2 100644 --- a/2020/5xxx/CVE-2020-5207.json +++ b/2020/5xxx/CVE-2020-5207.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5207", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Request smuggling is possible in Ktor when both chunked TE and content length specified" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Ktor", + "version": { + "version_data": [ + { + "version_value": "< 1.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Ktor.io" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Ktor before 1.3.0, request smuggling is possible when running behind a proxy that doesn't handle Content-Length and Transfer-Encoding properly or doesn't handle \\n as a headers separator." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v", + "refsource": "CONFIRM", + "url": "https://github.com/ktorio/ktor/security/advisories/GHSA-xrr9-rh8p-433v" + }, + { + "name": "https://github.com/ktorio/ktor/pull/1547", + "refsource": "MISC", + "url": "https://github.com/ktorio/ktor/pull/1547" + } + ] + }, + "source": { + "advisory": "GHSA-xrr9-rh8p-433v", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5209.json b/2020/5xxx/CVE-2020-5209.json index 5131817044d..9630528c223 100644 --- a/2020/5xxx/CVE-2020-5209.json +++ b/2020/5xxx/CVE-2020-5209.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5209", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NetHack command line parsing of options starting with -de and -i is subject to a buffer overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.5" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77", + "refsource": "MISC", + "url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77" + }, + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8" + } + ] + }, + "source": { + "advisory": "GHSA-fw72-r8xm-45p8", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5210.json b/2020/5xxx/CVE-2020-5210.json index 799b7b07fbf..f3d97bce94c 100644 --- a/2020/5xxx/CVE-2020-5210.json +++ b/2020/5xxx/CVE-2020-5210.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5210", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NetHack command line -w option parsing is subject to a buffer overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.5" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp" + }, + { + "name": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77", + "refsource": "MISC", + "url": "https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77" + } + ] + }, + "source": { + "advisory": "GHSA-v5pg-hpjg-9rpp", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5211.json b/2020/5xxx/CVE-2020-5211.json index 511e44ab894..3d6f3813a26 100644 --- a/2020/5xxx/CVE-2020-5211.json +++ b/2020/5xxx/CVE-2020-5211.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5211", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NetHack AUTOCOMPLETE configuration file option is subject to a buffer overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.5" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7" + } + ] + }, + "source": { + "advisory": "GHSA-r788-4jf4-r9f7", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5212.json b/2020/5xxx/CVE-2020-5212.json index a84ee6fbbbc..fc44e3929c6 100644 --- a/2020/5xxx/CVE-2020-5212.json +++ b/2020/5xxx/CVE-2020-5212.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5212", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NetHack MENUCOLOR configuration file option is subject to a buffer overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.5" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56" + } + ] + }, + "source": { + "advisory": "GHSA-g89f-m829-4m56", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5213.json b/2020/5xxx/CVE-2020-5213.json index 040e977b261..2306244f9f2 100644 --- a/2020/5xxx/CVE-2020-5213.json +++ b/2020/5xxx/CVE-2020-5213.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5213", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NetHack SYMBOL configuration file option is subject to a buffer overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.5" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v" + } + ] + }, + "source": { + "advisory": "GHSA-rr25-4v34-pr7v", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5214.json b/2020/5xxx/CVE-2020-5214.json index f5933791a0e..a38703ac3d3 100644 --- a/2020/5xxx/CVE-2020-5214.json +++ b/2020/5xxx/CVE-2020-5214.json @@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5214", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "NetHack error recovery after syntax error in configuration file is subject to a buffer overflow" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetHack", + "version": { + "version_data": [ + { + "version_value": "< 3.6.5" + } + ] + } + } + ] + }, + "vendor_name": "NetHack" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation.\n\nThis vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files.\n\nUsers should upgrade to NetHack 3.6.5." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "baseScore": 5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6", + "refsource": "CONFIRM", + "url": "https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6" + } + ] + }, + "source": { + "advisory": "GHSA-p8fw-rq89-xqx6", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5216.json b/2020/5xxx/CVE-2020-5216.json index 683c12eba4a..64d08b85484 100644 --- a/2020/5xxx/CVE-2020-5216.json +++ b/2020/5xxx/CVE-2020-5216.json @@ -1,18 +1,94 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5216", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Limited header injection when using dynamic overrides with user input in RubyGems secure_headers" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "secure_headers", + "version": { + "version_data": [ + { + "version_value": "< 3.9.0" + }, + { + "version_value": ">= 5.0.0, < 5.2.0" + }, + { + "version_value": ">= 6.0.0, < 6.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Twitter" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header injection. Upon seeing a newline in the header, rails will silently create a new Content-Security-Policy header with the remaining value of the original string. It will continue to create new headers for each newline. This has been fixed in 6.3.0, 5.2.0, and 3.9.0." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg", + "refsource": "CONFIRM", + "url": "https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg" + }, + { + "name": "https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0" + } + ] + }, + "source": { + "advisory": "GHSA-w978-rmpf-qmwg", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5217.json b/2020/5xxx/CVE-2020-5217.json index 0b1d34d0fdf..1614edf2e40 100644 --- a/2020/5xxx/CVE-2020-5217.json +++ b/2020/5xxx/CVE-2020-5217.json @@ -1,18 +1,104 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5217", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directive injection when using dynamic overrides with user input in RubyGems secure_headers" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "secure_headers", + "version": { + "version_data": [ + { + "version_value": "< 3.8.0" + }, + { + "version_value": ">= 5.0.0, < 5.1.0" + }, + { + "version_value": ">= 6.0.0, < 6.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Twitter" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive injection. This could be used to e.g. override a script-src directive. Duplicate directives are ignored and the first one wins. The directives in secure_headers are sorted alphabetically so they pretty much all come before script-src. A previously undefined directive would receive a value even if SecureHeaders::OPT_OUT was supplied. The fixed versions will silently convert the semicolons to spaces and emit a deprecation warning when this happens. This will result in innocuous browser console messages if being exploited/accidentally used. In future releases, we will raise application errors resulting in 500s. Depending on what major version you are using, the fixed versions are 6.2.0, 5.1.0, 3.8.0." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c", + "refsource": "CONFIRM", + "url": "https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c" + }, + { + "name": "https://github.com/twitter/secure_headers/issues/418", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/issues/418" + }, + { + "name": "https://github.com/twitter/secure_headers/pull/421", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/pull/421" + }, + { + "name": "https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3", + "refsource": "MISC", + "url": "https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3" + } + ] + }, + "source": { + "advisory": "GHSA-xq52-rv6w-397c", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5218.json b/2020/5xxx/CVE-2020-5218.json index d64dc2a2ace..0767b880cc5 100644 --- a/2020/5xxx/CVE-2020-5218.json +++ b/2020/5xxx/CVE-2020-5218.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5218", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ability in Sylius to switch channels via GET parameter enabled in production environments" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sylius", + "version": { + "version_data": [ + { + "version_value": "< 1.3.13" + }, + { + "version_value": ">= 1.4.0, < 1.4.6" + }, + { + "version_value": ">= 1.5.0, < 1.5.1" + }, + { + "version_value": ">= 1.6.0, < 1.6.3" + } + ] + } + } + ] + }, + "vendor_name": "Sylius" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Affected versions of Sylius give attackers the ability to switch channels via the _channel_code GET parameter in production environments. This was meant to be enabled only when kernel.debug is set to true. However, if no sylius_channel.debug is set explicitly in the configuration, the default value which is kernel.debug will be not resolved and cast to boolean, enabling this debug feature even if that parameter is set to false. Patch has been provided for Sylius 1.3.x and newer - 1.3.16, 1.4.12, 1.5.9, 1.6.5. Versions older than 1.3 are not covered by our security support anymore." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2", + "refsource": "CONFIRM", + "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2" + }, + { + "name": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml", + "refsource": "MISC", + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml" + } + ] + }, + "source": { + "advisory": "GHSA-prg5-hg25-8grq", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5219.json b/2020/5xxx/CVE-2020-5219.json index 1c9b8dfc24e..934cef35a53 100644 --- a/2020/5xxx/CVE-2020-5219.json +++ b/2020/5xxx/CVE-2020-5219.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5219", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Remote Code Execution in Angular Expressions" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "angular-expressions", + "version": { + "version_data": [ + { + "version_value": "< 1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "peerigon" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "reported by GoSecure Inc" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call expressions.compile(userControlledInput) where userControlledInput is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the application code calls expressions.compile(userControlledInput). If running angular-expressions on the server, an attacker could run any Javascript expression, thus gaining Remote Code Execution." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/peerigon/angular-expressions/security/advisories/GHSA-hxhm-96pp-2m43", + "refsource": "CONFIRM", + "url": "https://github.com/peerigon/angular-expressions/security/advisories/GHSA-hxhm-96pp-2m43" + }, + { + "name": "https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667", + "refsource": "MISC", + "url": "https://github.com/peerigon/angular-expressions/commit/061addfb9a9e932a970e5fcb913d020038e65667" + }, + { + "name": "http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html", + "refsource": "MISC", + "url": "http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html" + } + ] + }, + "source": { + "advisory": "GHSA-hxhm-96pp-2m43", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5220.json b/2020/5xxx/CVE-2020-5220.json index ce8ac3cb0c8..ad7060015dd 100644 --- a/2020/5xxx/CVE-2020-5220.json +++ b/2020/5xxx/CVE-2020-5220.json @@ -1,18 +1,97 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5220", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Ability to expose data in Sylius by using an unintended serialisation group" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SyliusResourceBundle", + "version": { + "version_data": [ + { + "version_value": "< 1.3.13" + }, + { + "version_value": ">= 1.4.0, < 1.4.6" + }, + { + "version_value": ">= 1.5.0, < 1.5.1" + }, + { + "version_value": ">= 1.6.0, < 1.6.3" + } + ] + } + } + ] + }, + "vendor_name": "Sylius" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2", + "refsource": "CONFIRM", + "url": "https://github.com/Sylius/SyliusResourceBundle/security/advisories/GHSA-8vp7-j5cj-vvm2" + }, + { + "name": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml", + "refsource": "MISC", + "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/sylius/resource-bundle/CVE-2020-5220.yaml" + } + ] + }, + "source": { + "advisory": "GHSA-8vp7-j5cj-vvm2", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5221.json b/2020/5xxx/CVE-2020-5221.json index d621245101a..17891b023bd 100644 --- a/2020/5xxx/CVE-2020-5221.json +++ b/2020/5xxx/CVE-2020-5221.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5221", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Directory Traversal (Chroot Escape) vulnerability in uftpd" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "uftpd", + "version": { + "version_data": [ + { + "version_value": "< 2.11" + } + ] + } + } + ] + }, + "vendor_name": "troglobit" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11" } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wmx8-v7mx-6x9h", + "refsource": "CONFIRM", + "url": "https://github.com/troglobit/uftpd/security/advisories/GHSA-wmx8-v7mx-6x9h" + }, + { + "name": "https://github.com/troglobit/uftpd/commit/455b47d3756aed162d2d0ef7f40b549f3b5b30fe", + "refsource": "MISC", + "url": "https://github.com/troglobit/uftpd/commit/455b47d3756aed162d2d0ef7f40b549f3b5b30fe" + } + ] + }, + "source": { + "advisory": "GHSA-wmx8-v7mx-6x9h", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5223.json b/2020/5xxx/CVE-2020-5223.json index 805e8ffdb96..e0529a9f295 100644 --- a/2020/5xxx/CVE-2020-5223.json +++ b/2020/5xxx/CVE-2020-5223.json @@ -1,18 +1,101 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5223", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Persistent XSS vulnerability in filename of attached file in PrivateBin" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PrivateBin", + "version": { + "version_data": [ + { + "version_value": ">= 1.2.0, < 1.2.2" + }, + { + "version_value": ">= 1.3.0, < 1.3.2" + } + ] + } + } + ] + }, + "vendor_name": "PrivateBin" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been fixed in PrivateBin v1.3.2 & v1.2.2. Admins are urged to upgrade to these versions to protect the affected users." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-8j72-p2wm-6738", + "refsource": "CONFIRM", + "url": "https://github.com/PrivateBin/PrivateBin/security/advisories/GHSA-8j72-p2wm-6738" + }, + { + "name": "https://privatebin.info/news/v1.3.2-v1.2.2-release.html", + "refsource": "MISC", + "url": "https://privatebin.info/news/v1.3.2-v1.2.2-release.html" + }, + { + "name": "https://github.com/PrivateBin/PrivateBin/commit/8d0ac336d23cd8c98e71d5f21cdadcae9c8a26e6", + "refsource": "MISC", + "url": "https://github.com/PrivateBin/PrivateBin/commit/8d0ac336d23cd8c98e71d5f21cdadcae9c8a26e6" + }, + { + "name": "https://github.com/PrivateBin/PrivateBin/issues/554", + "refsource": "MISC", + "url": "https://github.com/PrivateBin/PrivateBin/issues/554" + } + ] + }, + "source": { + "advisory": "GHSA-8j72-p2wm-6738", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5224.json b/2020/5xxx/CVE-2020-5224.json index feda1fa73fc..42a712c3fd1 100644 --- a/2020/5xxx/CVE-2020-5224.json +++ b/2020/5xxx/CVE-2020-5224.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5224", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Session key exposure through session list in Django User Sessions" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "django-user-sessions", + "version": { + "version_data": [ + { + "version_value": "< 1.7.1" + } + ] + } + } + ] + }, + "vendor_name": "Jazzband" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Django User Sessions (django-user-sessions) before 1.7.1, the views provided allow users to terminate specific sessions. The session key is used to identify sessions, and thus included in the rendered HTML. In itself this is not a problem. However if the website has an XSS vulnerability, the session key could be extracted by the attacker and a session takeover could happen." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Bouke/django-user-sessions/security/advisories/GHSA-5fq8-3q2f-4m5g", + "refsource": "CONFIRM", + "url": "https://github.com/Bouke/django-user-sessions/security/advisories/GHSA-5fq8-3q2f-4m5g" + }, + { + "name": "https://github.com/jazzband/django-user-sessions/commit/f0c4077e7d1436ba6d721af85cee89222ca5d2d9", + "refsource": "MISC", + "url": "https://github.com/jazzband/django-user-sessions/commit/f0c4077e7d1436ba6d721af85cee89222ca5d2d9" + } + ] + }, + "source": { + "advisory": "GHSA-5fq8-3q2f-4m5g", + "discovery": "UNKNOWN" } -} \ No newline at end of file +} diff --git a/2020/5xxx/CVE-2020-5225.json b/2020/5xxx/CVE-2020-5225.json index 9e2e2234e05..e24b4333a3e 100644 --- a/2020/5xxx/CVE-2020-5225.json +++ b/2020/5xxx/CVE-2020-5225.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5225", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Log injection in SimpleSAMLphp" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SimpleSAMLphp", + "version": { + "version_data": [ + { + "version_value": "< 1.18.4" + } + ] + } + } + ] + }, + "vendor_name": "simplesamlphp" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Log injection in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script, which receives error reports and sends them via email to the system administrator, did not properly sanitize the report identifier obtained from the request. This allows an attacker, under specific circumstances, to inject new log lines by manually crafting this report ID. When configured to use the file logging handler, SimpleSAMLphp will output all its logs by appending each log line to a given file. Since the reportID parameter received in a request sent to www/errorreport.php was not properly sanitized, it was possible to inject newline characters into it, effectively allowing a malicious user to inject new log lines with arbitrary content." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532: Inclusion of Sensitive Information in Log Files" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww", + "refsource": "CONFIRM", + "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww" + }, + { + "name": "https://simplesamlphp.org/security/202001-02", + "refsource": "MISC", + "url": "https://simplesamlphp.org/security/202001-02" + } + ] + }, + "source": { + "advisory": "GHSA-6gc6-m364-85ww", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5226.json b/2020/5xxx/CVE-2020-5226.json index 55e79e66df4..d2f1c81ddb7 100644 --- a/2020/5xxx/CVE-2020-5226.json +++ b/2020/5xxx/CVE-2020-5226.json @@ -1,18 +1,88 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5226", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "Cross-site scripting in SimpleSAMLphp" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SimpleSAMLphp", + "version": { + "version_data": [ + { + "version_value": ">= 1.18.0, < 1.18.4" + } + ] + } + } + ] + }, + "vendor_name": "simplesamlphp" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/erroreport.php script allows error reports to be submitted and sent to the system administrator. Starting with SimpleSAMLphp 1.18.0, a new SimpleSAML\\Utils\\EMail class was introduced to handle sending emails, implemented as a wrapper of an external dependency. This new wrapper allows us to use Twig templates in order to create the email sent with an error report. Since Twig provides automatic escaping of variables, manual escaping of the free-text field in www/errorreport.php was removed to avoid double escaping. However, for those not using the new user interface yet, an email template is hardcoded into the class itself in plain PHP. Since no escaping is provided in this template, it is then possible to inject HTML inside the template by manually crafting the contents of the free-text field." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w", + "refsource": "CONFIRM", + "url": "https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w" + }, + { + "name": "https://simplesamlphp.org/security/202001-01", + "refsource": "MISC", + "url": "https://simplesamlphp.org/security/202001-01" + } + ] + }, + "source": { + "advisory": "GHSA-mj9p-v2r8-wf8w", + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5390.json b/2020/5xxx/CVE-2020-5390.json index 3099b422469..10bff612cba 100644 --- a/2020/5xxx/CVE-2020-5390.json +++ b/2020/5xxx/CVE-2020-5390.json @@ -1,17 +1,86 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5390", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5390", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PySAML2 before 5.0.0 does not check that the signature in a SAML document is enveloped and thus signature wrapping is effective, i.e., it is affected by XML Signature Wrapping (XSW). The signature information and the node/object that is signed can be in different places and thus the signature verification will succeed, but the wrong data will be used. This specifically affects the verification of assertion that have been signed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25", + "url": "https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e", + "url": "https://github.com/IdentityPython/pysaml2/commit/f27c7e7a7010f83380566a219fd6a290a00f2b6e" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0", + "url": "https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/IdentityPython/pysaml2/releases", + "url": "https://github.com/IdentityPython/pysaml2/releases" + }, + { + "refsource": "MISC", + "name": "https://pypi.org/project/pysaml2/5.0.0/", + "url": "https://pypi.org/project/pysaml2/5.0.0/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4245-1", + "url": "https://usn.ubuntu.com/4245-1/" } ] } diff --git a/2020/5xxx/CVE-2020-5395.json b/2020/5xxx/CVE-2020-5395.json index 3013e3d730c..340ae313b86 100644 --- a/2020/5xxx/CVE-2020-5395.json +++ b/2020/5xxx/CVE-2020-5395.json @@ -56,6 +56,16 @@ "url": "https://github.com/fontforge/fontforge/issues/4084", "refsource": "MISC", "name": "https://github.com/fontforge/fontforge/issues/4084" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0089", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-229ad63391", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2S75EAVF4KPCH3WFBMZADUAU7EAXA7ZQ/" } ] } diff --git a/2020/5xxx/CVE-2020-5397.json b/2020/5xxx/CVE-2020-5397.json index d405d79102c..70e134db460 100644 --- a/2020/5xxx/CVE-2020-5397.json +++ b/2020/5xxx/CVE-2020-5397.json @@ -3,16 +3,83 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-01-16T00:00:00.000Z", "ID": "CVE-2020-5397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Framework", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.2", + "version_value": "v5.2.3.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2020-5397", + "name": "https://pivotal.io/security/cve-2020-5397" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5398.json b/2020/5xxx/CVE-2020-5398.json index a2cd998ba20..07d3c1a59f1 100644 --- a/2020/5xxx/CVE-2020-5398.json +++ b/2020/5xxx/CVE-2020-5398.json @@ -3,16 +3,93 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "security@pivotal.io", + "DATE_PUBLIC": "2020-01-16T00:00:00.000Z", "ID": "CVE-2020-5398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "RFD Attack via \"Content-Disposition\" Header Sourced from Request Input by Spring MVC or Spring WebFlux Application" + }, + "source": { + "discovery": "UNKNOWN" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Spring Framework", + "version": { + "version_data": [ + { + "affected": "<", + "version_name": "5.0", + "version_value": "v5.0.16.RELEASE" + }, + { + "affected": "<", + "version_name": "5.1", + "version_value": "v5.1.13.RELEASE" + }, + { + "affected": "<", + "version_name": "5.2", + "version_value": "v5.2.3.RELEASE" + } + ] + } + } + ] + }, + "vendor_name": "Spring" + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" header in the response where the filename attribute is derived from user supplied input." } ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79: Cross-site Scripting (XSS) - Reflected" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "url": "https://pivotal.io/security/cve-2020-5398", + "name": "https://pivotal.io/security/cve-2020-5398" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } } } \ No newline at end of file diff --git a/2020/5xxx/CVE-2020-5496.json b/2020/5xxx/CVE-2020-5496.json index cda6d8729f7..799e6c15a45 100644 --- a/2020/5xxx/CVE-2020-5496.json +++ b/2020/5xxx/CVE-2020-5496.json @@ -56,6 +56,11 @@ "url": "https://github.com/fontforge/fontforge/issues/4085", "refsource": "MISC", "name": "https://github.com/fontforge/fontforge/issues/4085" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0089", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00041.html" } ] } diff --git a/2020/5xxx/CVE-2020-5498.json b/2020/5xxx/CVE-2020-5498.json index 46744e198d7..b77cbc14dff 100644 --- a/2020/5xxx/CVE-2020-5498.json +++ b/2020/5xxx/CVE-2020-5498.json @@ -5,13 +5,13 @@ "CVE_data_meta": { "ID": "CVE-2020-5498", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "REJECT" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } diff --git a/2020/5xxx/CVE-2020-5501.json b/2020/5xxx/CVE-2020-5501.json index 9ff5572b9e5..ba331e22b0c 100644 --- a/2020/5xxx/CVE-2020-5501.json +++ b/2020/5xxx/CVE-2020-5501.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5501", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5501", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpBB 3.2.8 allows a CSRF attack that can modify a group avatar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.phpbb.com/category/security/", + "refsource": "MISC", + "name": "https://blog.phpbb.com/category/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536", + "url": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536" } ] } diff --git a/2020/5xxx/CVE-2020-5502.json b/2020/5xxx/CVE-2020-5502.json index dbdee4f2fce..f84a3f3ce22 100644 --- a/2020/5xxx/CVE-2020-5502.json +++ b/2020/5xxx/CVE-2020-5502.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5502", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5502", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.phpbb.com/category/security/", + "refsource": "MISC", + "name": "https://blog.phpbb.com/category/security/" + }, + { + "refsource": "CONFIRM", + "name": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536", + "url": "https://www.phpbb.com/community/viewtopic.php?f=14&t=2534536" } ] } diff --git a/2020/5xxx/CVE-2020-5504.json b/2020/5xxx/CVE-2020-5504.json index 57b69576323..f4a028a29d1 100644 --- a/2020/5xxx/CVE-2020-5504.json +++ b/2020/5xxx/CVE-2020-5504.json @@ -56,6 +56,16 @@ "refsource": "CONFIRM", "name": "https://www.phpmyadmin.net/security/PMASA-2020-1/", "url": "https://www.phpmyadmin.net/security/PMASA-2020-1/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0056", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00011.html" } ] } diff --git a/2020/5xxx/CVE-2020-5505.json b/2020/5xxx/CVE-2020-5505.json index 9ad66247adc..8113f1519cc 100644 --- a/2020/5xxx/CVE-2020-5505.json +++ b/2020/5xxx/CVE-2020-5505.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5505", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5505", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Freelancy v1.0.0 allows remote command execution via the \"file\":\"data:application/x-php;base64 substring (in conjunction with \"type\":\"application/x-php\"} to the /api/files/ URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155922/Freelancy-1.0.0-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155922/Freelancy-1.0.0-Remote-Code-Execution.html" } ] } diff --git a/2020/5xxx/CVE-2020-5509.json b/2020/5xxx/CVE-2020-5509.json index 5e3c85ec0b7..2ae9cdd1295 100644 --- a/2020/5xxx/CVE-2020-5509.json +++ b/2020/5xxx/CVE-2020-5509.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-5509", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-5509", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155925/Car-Rental-Project-1.0-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155925/Car-Rental-Project-1.0-Remote-Code-Execution.html" } ] } diff --git a/2020/5xxx/CVE-2020-5520.json b/2020/5xxx/CVE-2020-5520.json index ac6e6f011cc..b9c71cf5e5c 100644 --- a/2020/5xxx/CVE-2020-5520.json +++ b/2020/5xxx/CVE-2020-5520.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5520", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html", + "refsource": "MISC", + "name": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN66435380/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN66435380/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "3.2.3 and earlier" + } + ] + }, + "product_name": "netprint App for iOS" + } + ] + }, + "vendor_name": "Fuji Xerox Co.,Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5520", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5521.json b/2020/5xxx/CVE-2020-5521.json index 91e24480172..18b2c1325d2 100644 --- a/2020/5xxx/CVE-2020-5521.json +++ b/2020/5xxx/CVE-2020-5521.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5521", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html", + "refsource": "MISC", + "name": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN66435380/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN66435380/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.0.2 and earlier" + } + ] + }, + "product_name": "kantan netprint App for iOS" + } + ] + }, + "vendor_name": "Fuji Xerox Co.,Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5521", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5522.json b/2020/5xxx/CVE-2020-5522.json index 0ba2bcd6e08..e34c816d396 100644 --- a/2020/5xxx/CVE-2020-5522.json +++ b/2020/5xxx/CVE-2020-5522.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5522", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "https://www.printing.ne.jp/support/information/AppVulnerability.html", + "refsource": "MISC", + "name": "https://www.printing.ne.jp/support/information/AppVulnerability.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN66435380/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN66435380/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "2.0.3 and earlier" + } + ] + }, + "product_name": "kantan netprint App for Android" + } + ] + }, + "vendor_name": "Fuji Xerox Co.,Ltd." + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5522", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5523.json b/2020/5xxx/CVE-2020-5523.json index 0ba89257176..4aba1d5b473 100644 --- a/2020/5xxx/CVE-2020-5523.json +++ b/2020/5xxx/CVE-2020-5523.json @@ -1,17 +1,106 @@ { - "data_type": "CVE", - "data_format": "MITRE", "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2020-5523", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "references": { + "reference_data": [ + { + "url": "http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html", + "refsource": "MISC", + "name": "http://www.dokodemobank.ne.jp/info_20200128_bankingapp.html" + }, + { + "url": "https://www.ashikagabank.co.jp/appbanking/pdf/oshirase.pdf", + "refsource": "MISC", + "name": "https://www.ashikagabank.co.jp/appbanking/pdf/oshirase.pdf" + }, + { + "url": "https://www.sihd-bk.jp/common_v2/pdf/20200127.pdf", + "refsource": "MISC", + "name": "https://www.sihd-bk.jp/common_v2/pdf/20200127.pdf" + }, + { + "url": "https://www.shikokubank.co.jp/info/apps20200128.html", + "refsource": "MISC", + "name": "https://www.shikokubank.co.jp/info/apps20200128.html" + }, + { + "url": "https://www.tohoku-bank.co.jp/news/topics/200128_applissl.html", + "refsource": "MISC", + "name": "https://www.tohoku-bank.co.jp/news/topics/200128_applissl.html" + }, + { + "url": "https://www.naganobank.co.jp/soshiki/2/app-ssl.html", + "refsource": "MISC", + "name": "https://www.naganobank.co.jp/soshiki/2/app-ssl.html" + }, + { + "url": "https://www.77bank.co.jp/pdf/oshirase/20012801_appvulnerability.pdf", + "refsource": "MISC", + "name": "https://www.77bank.co.jp/pdf/oshirase/20012801_appvulnerability.pdf" + }, + { + "url": "https://www.hokkaidobank.co.jp/common/dat/2020/0120/15795047141946146699.pdf", + "refsource": "MISC", + "name": "https://www.hokkaidobank.co.jp/common/dat/2020/0120/15795047141946146699.pdf" + }, + { + "url": "https://www.hokugin.co.jp/info/archives/personal/2020/1913.html", + "refsource": "MISC", + "name": "https://www.hokugin.co.jp/info/archives/personal/2020/1913.html" + }, + { + "url": "http://jvn.jp/en/jp/JVN28845872/index.html", + "refsource": "MISC", + "name": "http://jvn.jp/en/jp/JVN28845872/index.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "data_type": "CVE", + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "version": { + "version_data": [ + { + "version_value": "MyPallete all versions, AshikagaBankingAppli ver1.0.4 and earlier, SENSHUIKEDABANKBankingAppli ver3.0.4 and earlier, ShikokuBankingAppli ver2.0.1 and earlier, TohokuBankingAppli ver1.0.1 and earlier, NaganoBankingAppli ver1.0.1 and earlier, 77BankingAppli ver2.0.1 and earlier, HokkaidoBankingAppli ver3.0.1 and earlier, and HokurikuBankingAppli ver2.0.1 and earlier" + } + ] + }, + "product_name": "'MyPallete' and some of the Android banking applications that use 'MyPallete'" + } + ] + }, + "vendor_name": "NTT Data Corporation" + } + ] + } + }, + "CVE_data_meta": { + "ID": "CVE-2020-5523", + "ASSIGNER": "vultures@jpcert.or.jp", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Fails to verify SSL certificates" + } + ] } ] } diff --git a/2020/5xxx/CVE-2020-5851.json b/2020/5xxx/CVE-2020-5851.json index ff872b58140..58cbac0b7f6 100644 --- a/2020/5xxx/CVE-2020-5851.json +++ b/2020/5xxx/CVE-2020-5851.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5851", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "Hotfix-BIGIP-14.1.0.2.0.45.4-ENG, Hotfix-BIGIP-14.1.0.2.0.62.4-ENG" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Compromise detection failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K91171450", + "url": "https://support.f5.com/csp/article/K91171450" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "On impacted versions and platforms the Trusted Platform Module (TPM) system integrity check cannot detect modifications to specific system components. This issue only impacts specific engineering hotfixes and platforms. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.2.0.45.4-ENG Hotfix-BIGIP-14.1.0.2.0.62.4-ENG" } ] } diff --git a/2020/5xxx/CVE-2020-5852.json b/2020/5xxx/CVE-2020-5852.json index 8d0e43e3229..eaf40761f45 100644 --- a/2020/5xxx/CVE-2020-5852.json +++ b/2020/5xxx/CVE-2020-5852.json @@ -4,14 +4,64 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5852", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP", + "version": { + "version_data": [ + { + "version_value": "Hotfix-BIGIP-14.1.2.1.0.83.4-ENG" + }, + { + "version_value": "Hotfix-BIGIP-12.1.4.1.0.97.6-ENG" + }, + { + "version_value": "Hotfix-BIGIP-11.5.4.2.74.291-HF2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K53590702", + "url": "https://support.f5.com/csp/article/K53590702" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.2.1.0.83.4-ENG Hotfix-BIGIP-12.1.4.1.0.97.6-ENG Hotfix-BIGIP-11.5.4.2.74.291-HF2" } ] } diff --git a/2020/5xxx/CVE-2020-5853.json b/2020/5xxx/CVE-2020-5853.json index c8416b092ab..d7f43a1243f 100644 --- a/2020/5xxx/CVE-2020-5853.json +++ b/2020/5xxx/CVE-2020-5853.json @@ -4,14 +4,70 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-5853", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "f5sirt@f5.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "F5", + "product": { + "product_data": [ + { + "product_name": "BIG-IP APM", + "version": { + "version_data": [ + { + "version_value": "15.0.0-15.1.0" + }, + { + "version_value": "14.0.0-14.1.2.3" + }, + { + "version_value": "13.1.0-13.1.3.2" + }, + { + "version_value": "12.1.0-12.1.5" + }, + { + "version_value": "11.5.2-11.6.5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K73183618", + "url": "https://support.f5.com/csp/article/K73183618" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, when backend servers serve HTTP pages with special JavaScript code, this can lead to internal portal access name conflict." } ] } diff --git a/2020/6xxx/CVE-2020-6007.json b/2020/6xxx/CVE-2020-6007.json index ead747cdd0f..36412a1f739 100644 --- a/2020/6xxx/CVE-2020-6007.json +++ b/2020/6xxx/CVE-2020-6007.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6007", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cve@checkpoint.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Philips Hue Bridge 2.X", + "version": { + "version_data": [ + { + "version_value": "All versions prior to and including 1935144020" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-122: Heap-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www2.meethue.com/en-us/support/release-notes/bridge", + "url": "https://www2.meethue.com/en-us/support/release-notes/bridge" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution." } ] } diff --git a/2020/6xxx/CVE-2020-6162.json b/2020/6xxx/CVE-2020-6162.json index ed07449c843..80172f90030 100644 --- a/2020/6xxx/CVE-2020-6162.json +++ b/2020/6xxx/CVE-2020-6162.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6162", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6162", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://bftpd.sourceforge.net/news.html", + "url": "http://bftpd.sourceforge.net/news.html" + }, + { + "refsource": "CONFIRM", + "name": "https://fossies.org/linux/bftpd/CHANGELOG", + "url": "https://fossies.org/linux/bftpd/CHANGELOG" } ] } diff --git a/2020/6xxx/CVE-2020-6170.json b/2020/6xxx/CVE-2020-6170.json index ff8cda9328b..c31df1f6bac 100644 --- a/2020/6xxx/CVE-2020-6170.json +++ b/2020/6xxx/CVE-2020-6170.json @@ -56,6 +56,11 @@ "url": "https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206", "refsource": "MISC", "name": "https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156075/Genexis-Platinum-4410-2.1-Authentication-Bypass.html", + "url": "http://packetstormsecurity.com/files/156075/Genexis-Platinum-4410-2.1-Authentication-Bypass.html" } ] } diff --git a/2020/6xxx/CVE-2020-6173.json b/2020/6xxx/CVE-2020-6173.json index a34e44cec89..5b04cd3bbf1 100644 --- a/2020/6xxx/CVE-2020-6173.json +++ b/2020/6xxx/CVE-2020-6173.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6173", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6173", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolled Resource Consumption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/theupdateframework/tuf/commits/develop", + "refsource": "MISC", + "name": "https://github.com/theupdateframework/tuf/commits/develop" + }, + { + "refsource": "MISC", + "name": "https://github.com/theupdateframework/tuf/issues/973", + "url": "https://github.com/theupdateframework/tuf/issues/973" } ] } diff --git a/2020/6xxx/CVE-2020-6303.json b/2020/6xxx/CVE-2020-6303.json index 90b12e72fc4..cbf22ac656c 100644 --- a/2020/6xxx/CVE-2020-6303.json +++ b/2020/6xxx/CVE-2020-6303.json @@ -4,14 +4,71 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6303", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Disclosure Management", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "10.1" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.4", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://launchpad.support.sap.com/#/notes/2772325", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2772325" + }, + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" } ] } diff --git a/2020/6xxx/CVE-2020-6304.json b/2020/6xxx/CVE-2020-6304.json index ee5f125bbdc..24d69cbfd78 100644 --- a/2020/6xxx/CVE-2020-6304.json +++ b/2020/6xxx/CVE-2020-6304.json @@ -4,14 +4,183 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6304", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL32NUC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL32UC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL64NUC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + }, + { + "version_name": "<", + "version_value": "7.49" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KRNL64UC)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.21EXT" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.22EXT" + }, + { + "version_name": "<", + "version_value": "7.49" + } + ] + } + }, + { + "product_name": "SAP NetWeaver Internet Communication Manager (KERNEL)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.21" + }, + { + "version_name": "<", + "version_value": "7.22" + }, + { + "version_name": "<", + "version_value": "7.49" + }, + { + "version_name": "<", + "version_value": "7.53" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "5.9", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2848498", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2848498" } ] } diff --git a/2020/6xxx/CVE-2020-6305.json b/2020/6xxx/CVE-2020-6305.json index c3817548616..2457eb62e08 100644 --- a/2020/6xxx/CVE-2020-6305.json +++ b/2020/6xxx/CVE-2020-6305.json @@ -4,14 +4,79 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6305", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Process Integration - Rest Adapter (SAP_XIAF)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.40" + }, + { + "version_name": "<", + "version_value": "7.50" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2863743", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2863743" } ] } diff --git a/2020/6xxx/CVE-2020-6306.json b/2020/6xxx/CVE-2020-6306.json index cb838ba1a4e..c0173b98f73 100644 --- a/2020/6xxx/CVE-2020-6306.json +++ b/2020/6xxx/CVE-2020-6306.json @@ -4,14 +4,110 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6306", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "SAP Leasing (SAP_Appl)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.18" + } + ] + } + }, + { + "product_name": "SAP Leasing (EA_Appl)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "6.0" + }, + { + "version_name": "<", + "version_value": "6.02" + }, + { + "version_name": "<", + "version_value": "6.03" + }, + { + "version_name": "<", + "version_value": "6.04" + }, + { + "version_name": "<", + "version_value": "6.05" + }, + { + "version_name": "<", + "version_value": "6.06" + }, + { + "version_name": "<", + "version_value": "6.16" + }, + { + "version_name": "<", + "version_value": "6.17" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17)." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "2.7", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2865348", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2865348" } ] } diff --git a/2020/6xxx/CVE-2020-6307.json b/2020/6xxx/CVE-2020-6307.json index d0615cfdc7c..99c37cde4b1 100644 --- a/2020/6xxx/CVE-2020-6307.json +++ b/2020/6xxx/CVE-2020-6307.json @@ -4,14 +4,107 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6307", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@sap.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "SAP SE", + "product": { + "product_data": [ + { + "product_name": "Automated Note Search Tool (SAP Basis)", + "version": { + "version_data": [ + { + "version_name": "<", + "version_value": "7.0" + }, + { + "version_name": "<", + "version_value": "7.01" + }, + { + "version_name": "<", + "version_value": "7.02" + }, + { + "version_name": "<", + "version_value": "7.31" + }, + { + "version_name": "<", + "version_value": "7.4" + }, + { + "version_name": "<", + "version_value": "7.5" + }, + { + "version_name": "<", + "version_value": "7.51" + }, + { + "version_name": "<", + "version_value": "7.52" + }, + { + "version_name": "<", + "version_value": "7.53" + }, + { + "version_name": "<", + "version_value": "7.54" + } + ] + } + } + ] + } + } + ] + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information." + } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Missing Authorization Check" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", + "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" + }, + { + "url": "https://launchpad.support.sap.com/#/notes/2863397", + "refsource": "MISC", + "name": "https://launchpad.support.sap.com/#/notes/2863397" } ] } diff --git a/2020/6xxx/CVE-2020-6377.json b/2020/6xxx/CVE-2020-6377.json index 94af76198cc..e29546eabb1 100644 --- a/2020/6xxx/CVE-2020-6377.json +++ b/2020/6xxx/CVE-2020-6377.json @@ -4,14 +4,104 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-6377", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@google.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "79.0.3945.117", + "version_affected": "<" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use after free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://crbug.com/1029462", + "refsource": "MISC", + "name": "https://crbug.com/1029462" + }, + { + "url": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0006", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00004.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0009", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00007.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-581537c8aa", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PSUXNEUS6N42UJNQVCQSTSM6CSW2REPG/" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2020:0084", + "url": "https://access.redhat.com/errata/RHSA-2020:0084" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0053", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00023.html" + }, + { + "refsource": "FEDORA", + "name": "FEDORA-2020-4355ea258e", + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N5CIQCVS6E3ULJCNU7YJXJPO2BLQZDTK/" + }, + { + "refsource": "BUGTRAQ", + "name": "20200120 [SECURITY] [DSA 4606-1] chromium security update", + "url": "https://seclists.org/bugtraq/2020/Jan/27" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4606", + "url": "https://www.debian.org/security/2020/dsa-4606" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page." } ] } diff --git a/2020/6xxx/CVE-2020-6609.json b/2020/6xxx/CVE-2020-6609.json index e1b798206a1..f647649e064 100644 --- a/2020/6xxx/CVE-2020-6609.json +++ b/2020/6xxx/CVE-2020-6609.json @@ -56,6 +56,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issue-544834443", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issue-544834443" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6610.json b/2020/6xxx/CVE-2020-6610.json index f4ebb777a1e..169eb0beae2 100644 --- a/2020/6xxx/CVE-2020-6610.json +++ b/2020/6xxx/CVE-2020-6610.json @@ -56,6 +56,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447120" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6611.json b/2020/6xxx/CVE-2020-6611.json index 15360508fd9..5fdbacd5935 100644 --- a/2020/6xxx/CVE-2020-6611.json +++ b/2020/6xxx/CVE-2020-6611.json @@ -56,6 +56,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447190", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447190" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6612.json b/2020/6xxx/CVE-2020-6612.json index c6ad7e1c247..d25aac091cc 100644 --- a/2020/6xxx/CVE-2020-6612.json +++ b/2020/6xxx/CVE-2020-6612.json @@ -56,6 +56,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447169", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447169" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6613.json b/2020/6xxx/CVE-2020-6613.json index 9a7e85bc657..9abdf0d2282 100644 --- a/2020/6xxx/CVE-2020-6613.json +++ b/2020/6xxx/CVE-2020-6613.json @@ -56,6 +56,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447025", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447025" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6614.json b/2020/6xxx/CVE-2020-6614.json index 9153b8d96ff..1f69250a341 100644 --- a/2020/6xxx/CVE-2020-6614.json +++ b/2020/6xxx/CVE-2020-6614.json @@ -56,6 +56,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447068", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447068" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6615.json b/2020/6xxx/CVE-2020-6615.json index c0b40e350b3..7c8c4fb9fb2 100644 --- a/2020/6xxx/CVE-2020-6615.json +++ b/2020/6xxx/CVE-2020-6615.json @@ -56,6 +56,16 @@ "url": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447223", "refsource": "MISC", "name": "https://github.com/LibreDWG/libredwg/issues/179#issuecomment-570447223" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0096", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00046.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2020:0115", + "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00052.html" } ] } diff --git a/2020/6xxx/CVE-2020-6638.json b/2020/6xxx/CVE-2020-6638.json index 42c5d2a4318..0911daf2159 100644 --- a/2020/6xxx/CVE-2020-6638.json +++ b/2020/6xxx/CVE-2020-6638.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-6638", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-6638", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Grin through 2.1.1 has Insufficient Validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mimblewimble/grin/compare/v2.1.1...v3.0.0", + "refsource": "MISC", + "name": "https://github.com/mimblewimble/grin/compare/v2.1.1...v3.0.0" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-6638.md", + "url": "https://github.com/mimblewimble/grin-security/blob/master/CVEs/CVE-2020-6638.md" } ] } diff --git a/2020/6xxx/CVE-2020-6750.json b/2020/6xxx/CVE-2020-6750.json index 01c80f2157b..e3f5ab6fe12 100644 --- a/2020/6xxx/CVE-2020-6750.json +++ b/2020/6xxx/CVE-2020-6750.json @@ -56,6 +56,16 @@ "url": "https://gitlab.gnome.org/GNOME/glib/issues/1989", "refsource": "MISC", "name": "https://gitlab.gnome.org/GNOME/glib/issues/1989" + }, + { + "refsource": "CONFIRM", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=1160668", + "url": "https://bugzilla.suse.com/show_bug.cgi?id=1160668" + }, + { + "refsource": "CONFIRM", + "name": "https://security.netapp.com/advisory/ntap-20200127-0001/", + "url": "https://security.netapp.com/advisory/ntap-20200127-0001/" } ] } diff --git a/2020/6xxx/CVE-2020-6756.json b/2020/6xxx/CVE-2020-6756.json index 03784c261d1..bf645f2d194 100644 --- a/2020/6xxx/CVE-2020-6756.json +++ b/2020/6xxx/CVE-2020-6756.json @@ -56,6 +56,11 @@ "url": "https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/", "refsource": "MISC", "name": "https://pwnedchile.com/2020/01/08/pixelstor-5000-rce-exploit/" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/155898/PixelStor-5000-K-4.0.1580-20150629-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/155898/PixelStor-5000-K-4.0.1580-20150629-Remote-Code-Execution.html" } ] }, diff --git a/2020/6xxx/CVE-2020-6832.json b/2020/6xxx/CVE-2020-6832.json new file mode 100644 index 00000000000..83634b8c057 --- /dev/null +++ b/2020/6xxx/CVE-2020-6832.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6832", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/blog/categories/releases/", + "refsource": "MISC", + "name": "https://about.gitlab.com/blog/categories/releases/" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/", + "url": "https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6833.json b/2020/6xxx/CVE-2020-6833.json new file mode 100644 index 00000000000..9bbd4896370 --- /dev/null +++ b/2020/6xxx/CVE-2020-6833.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6833", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6834.json b/2020/6xxx/CVE-2020-6834.json new file mode 100644 index 00000000000..003ebece3ed --- /dev/null +++ b/2020/6xxx/CVE-2020-6834.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6834", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6835.json b/2020/6xxx/CVE-2020-6835.json new file mode 100644 index 00000000000..18eaa76275b --- /dev/null +++ b/2020/6xxx/CVE-2020-6835.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fossies.org/linux/bftpd/CHANGELOG", + "refsource": "MISC", + "name": "https://fossies.org/linux/bftpd/CHANGELOG" + }, + { + "url": "http://bftpd.sourceforge.net/news.html#302460", + "refsource": "MISC", + "name": "http://bftpd.sourceforge.net/news.html#302460" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6836.json b/2020/6xxx/CVE-2020-6836.json new file mode 100644 index 00000000000..aa243be3978 --- /dev/null +++ b/2020/6xxx/CVE-2020-6836.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.npmjs.com/advisories/1439", + "refsource": "MISC", + "name": "https://www.npmjs.com/advisories/1439" + }, + { + "url": "https://github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e", + "refsource": "MISC", + "name": "https://github.com/handsontable/formula-parser/commit/396b089738d4bf30eb570a4fe6a188affa95cd5e" + }, + { + "refsource": "MISC", + "name": "https://blog.truesec.com/2020/01/17/reverse-shell-through-a-node-js-math-parser/", + "url": "https://blog.truesec.com/2020/01/17/reverse-shell-through-a-node-js-math-parser/" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6837.json b/2020/6xxx/CVE-2020-6837.json new file mode 100644 index 00000000000..b996d4ea22c --- /dev/null +++ b/2020/6xxx/CVE-2020-6837.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6837", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6838.json b/2020/6xxx/CVE-2020-6838.json new file mode 100644 index 00000000000..dafea452e9b --- /dev/null +++ b/2020/6xxx/CVE-2020-6838.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mruby/mruby/issues/4926", + "refsource": "MISC", + "name": "https://github.com/mruby/mruby/issues/4926" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6839.json b/2020/6xxx/CVE-2020-6839.json new file mode 100644 index 00000000000..fa4f4abe6ee --- /dev/null +++ b/2020/6xxx/CVE-2020-6839.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mruby/mruby/issues/4929", + "refsource": "MISC", + "name": "https://github.com/mruby/mruby/issues/4929" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6840.json b/2020/6xxx/CVE-2020-6840.json new file mode 100644 index 00000000000..39f2999de7e --- /dev/null +++ b/2020/6xxx/CVE-2020-6840.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mruby/mruby/issues/4927", + "refsource": "MISC", + "name": "https://github.com/mruby/mruby/issues/4927" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6841.json b/2020/6xxx/CVE-2020-6841.json new file mode 100644 index 00000000000..499dd373f26 --- /dev/null +++ b/2020/6xxx/CVE-2020-6841.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6841", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6842.json b/2020/6xxx/CVE-2020-6842.json new file mode 100644 index 00000000000..e7d654cd5bd --- /dev/null +++ b/2020/6xxx/CVE-2020-6842.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6842", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6843.json b/2020/6xxx/CVE-2020-6843.json new file mode 100644 index 00000000000..479b9d45d3a --- /dev/null +++ b/2020/6xxx/CVE-2020-6843.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", + "refsource": "MISC", + "name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html" + }, + { + "refsource": "FULLDISC", + "name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", + "url": "http://seclists.org/fulldisclosure/2020/Jan/32" + }, + { + "refsource": "BUGTRAQ", + "name": "20200122 SEC Consult SA-20200122-0 :: Reflected XSS in ZOHO ManageEngine ServiceDeskPlus", + "url": "https://seclists.org/bugtraq/2020/Jan/34" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html", + "url": "http://packetstormsecurity.com/files/156050/ZOHO-ManageEngine-ServiceDeskPlus-11.0-Build-11007-Cross-Site-Scripting.html" + }, + { + "refsource": "CONFIRM", + "name": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959", + "url": "https://www.manageengine.com/products/service-desk/readme.html#11010%20-%20SD-83959" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6844.json b/2020/6xxx/CVE-2020-6844.json new file mode 100644 index 00000000000..3f0942a7d1b --- /dev/null +++ b/2020/6xxx/CVE-2020-6844.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6844", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6845.json b/2020/6xxx/CVE-2020-6845.json new file mode 100644 index 00000000000..adae636c44e --- /dev/null +++ b/2020/6xxx/CVE-2020-6845.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6846.json b/2020/6xxx/CVE-2020-6846.json new file mode 100644 index 00000000000..17a95e8ddd5 --- /dev/null +++ b/2020/6xxx/CVE-2020-6846.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6846", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6847.json b/2020/6xxx/CVE-2020-6847.json new file mode 100644 index 00000000000..936d3efc8f5 --- /dev/null +++ b/2020/6xxx/CVE-2020-6847.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6847", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gist.github.com/Marshall-Hallenbeck/bf6a4a4f408bb7a5e0a47cb39dc1dbbe", + "refsource": "MISC", + "name": "https://gist.github.com/Marshall-Hallenbeck/bf6a4a4f408bb7a5e0a47cb39dc1dbbe" + }, + { + "url": "https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473", + "refsource": "MISC", + "name": "https://github.com/3s3s/opentrade/blob/4f91391164219da30533453e1ff6800ef2ef3c6b/static_pages/js/index.js#L473" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/3s3s/opentrade/pull/337", + "url": "https://github.com/3s3s/opentrade/pull/337" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:N/C:H/I:L/PR:L/S:C/UI:R", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6848.json b/2020/6xxx/CVE-2020-6848.json new file mode 100644 index 00000000000..1989bc2754e --- /dev/null +++ b/2020/6xxx/CVE-2020-6848.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6848", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/flir-brickstream-recuento-y-seguimiento.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/flir-brickstream-recuento-y-seguimiento.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6849.json b/2020/6xxx/CVE-2020-6849.json new file mode 100644 index 00000000000..7b82e6fecd7 --- /dev/null +++ b/2020/6xxx/CVE-2020-6849.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://zeroauth.ltd/blog/", + "refsource": "MISC", + "name": "https://zeroauth.ltd/blog/" + }, + { + "url": "https://wordpress.org/plugins/marketo-forms-and-tracking/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/marketo-forms-and-tracking/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10031", + "url": "https://wpvulndb.com/vulnerabilities/10031" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6850.json b/2020/6xxx/CVE-2020-6850.json new file mode 100644 index 00000000000..09e7e52bffa --- /dev/null +++ b/2020/6xxx/CVE-2020-6850.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6850", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6851.json b/2020/6xxx/CVE-2020-6851.json new file mode 100644 index 00000000000..8c06ab8fcac --- /dev/null +++ b/2020/6xxx/CVE-2020-6851.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6851", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/uclouvain/openjpeg/issues/1228", + "refsource": "MISC", + "name": "https://github.com/uclouvain/openjpeg/issues/1228" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200128 [SECURITY] [DLA 2081-1] openjpeg2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00025.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6852.json b/2020/6xxx/CVE-2020-6852.json new file mode 100644 index 00000000000..04769f890d7 --- /dev/null +++ b/2020/6xxx/CVE-2020-6852.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6852", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6853.json b/2020/6xxx/CVE-2020-6853.json new file mode 100644 index 00000000000..183f875a3bd --- /dev/null +++ b/2020/6xxx/CVE-2020-6853.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6853", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6854.json b/2020/6xxx/CVE-2020-6854.json new file mode 100644 index 00000000000..bc711820e75 --- /dev/null +++ b/2020/6xxx/CVE-2020-6854.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6854", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6855.json b/2020/6xxx/CVE-2020-6855.json new file mode 100644 index 00000000000..ac14361b7fb --- /dev/null +++ b/2020/6xxx/CVE-2020-6855.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6855", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6856.json b/2020/6xxx/CVE-2020-6856.json new file mode 100644 index 00000000000..f5fb1e825a1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6857.json b/2020/6xxx/CVE-2020-6857.json new file mode 100644 index 00000000000..bf635908837 --- /dev/null +++ b/2020/6xxx/CVE-2020-6857.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CarbonFTP v1.4 uses insecure proprietary password encryption with a hard-coded weak encryption key. The key for local FTP server passwords is hard-coded in the binary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://hyp3rlinx.altervista.org", + "refsource": "MISC", + "name": "http://hyp3rlinx.altervista.org" + }, + { + "refsource": "MISC", + "name": "https://seclists.org/bugtraq/2020/Jan/30", + "url": "https://seclists.org/bugtraq/2020/Jan/30" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html", + "url": "http://packetstormsecurity.com/files/156015/Neowise-CarbonFTP-1.4-Insecure-Proprietary-Password-Encryption.html" + }, + { + "refsource": "FULLDISC", + "name": "20200121 Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857", + "url": "http://seclists.org/fulldisclosure/2020/Jan/29" + }, + { + "refsource": "FULLDISC", + "name": "20200124 [UPDATED - POC] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption / CVE-2020-6857", + "url": "http://seclists.org/fulldisclosure/2020/Jan/35" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6858.json b/2020/6xxx/CVE-2020-6858.json new file mode 100644 index 00000000000..4e4c556f9f2 --- /dev/null +++ b/2020/6xxx/CVE-2020-6858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6859.json b/2020/6xxx/CVE-2020-6859.json new file mode 100644 index 00000000000..36f5df15252 --- /dev/null +++ b/2020/6xxx/CVE-2020-6859.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6859", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ultimate-member/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-member/#developers" + }, + { + "url": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310", + "refsource": "MISC", + "name": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L310" + }, + { + "url": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269", + "refsource": "MISC", + "name": "https://github.com/ultimatemember/ultimatemember/blob/627bbb0fae81ac34c60b43f0867eadcf8e1bc523/includes/core/class-files.php#L269" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1", + "url": "https://github.com/ultimatemember/ultimatemember/commit/249682559012734a4f7d71f52609b2f301ea55b1" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10041", + "url": "https://wpvulndb.com/vulnerabilities/10041" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6860.json b/2020/6xxx/CVE-2020-6860.json new file mode 100644 index 00000000000..0c22c0f1a10 --- /dev/null +++ b/2020/6xxx/CVE-2020-6860.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/hoene/libmysofa/issues/96", + "refsource": "MISC", + "name": "https://github.com/hoene/libmysofa/issues/96" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6861.json b/2020/6xxx/CVE-2020-6861.json new file mode 100644 index 00000000000..568c1023b61 --- /dev/null +++ b/2020/6xxx/CVE-2020-6861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6862.json b/2020/6xxx/CVE-2020-6862.json new file mode 100644 index 00000000000..66162d5c3b1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6862.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6862", + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE Corporation", + "product": { + "product_data": [ + { + "product_name": "F6x2W", + "version": { + "version_data": [ + { + "version_value": "V6.0.10P2T2?V6.0.10P2T5" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "information leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1012162" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6863.json b/2020/6xxx/CVE-2020-6863.json new file mode 100644 index 00000000000..d6379afa17e --- /dev/null +++ b/2020/6xxx/CVE-2020-6863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6864.json b/2020/6xxx/CVE-2020-6864.json new file mode 100644 index 00000000000..022e08818bd --- /dev/null +++ b/2020/6xxx/CVE-2020-6864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6865.json b/2020/6xxx/CVE-2020-6865.json new file mode 100644 index 00000000000..7cba2bda19e --- /dev/null +++ b/2020/6xxx/CVE-2020-6865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6866.json b/2020/6xxx/CVE-2020-6866.json new file mode 100644 index 00000000000..076794a1d09 --- /dev/null +++ b/2020/6xxx/CVE-2020-6866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6867.json b/2020/6xxx/CVE-2020-6867.json new file mode 100644 index 00000000000..fb762f6ccc9 --- /dev/null +++ b/2020/6xxx/CVE-2020-6867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6868.json b/2020/6xxx/CVE-2020-6868.json new file mode 100644 index 00000000000..413382ce29f --- /dev/null +++ b/2020/6xxx/CVE-2020-6868.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6869.json b/2020/6xxx/CVE-2020-6869.json new file mode 100644 index 00000000000..f82e9eb2ec7 --- /dev/null +++ b/2020/6xxx/CVE-2020-6869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6870.json b/2020/6xxx/CVE-2020-6870.json new file mode 100644 index 00000000000..7fa33b39df4 --- /dev/null +++ b/2020/6xxx/CVE-2020-6870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6871.json b/2020/6xxx/CVE-2020-6871.json new file mode 100644 index 00000000000..0f93b40c03d --- /dev/null +++ b/2020/6xxx/CVE-2020-6871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6872.json b/2020/6xxx/CVE-2020-6872.json new file mode 100644 index 00000000000..2e25ff17e47 --- /dev/null +++ b/2020/6xxx/CVE-2020-6872.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6873.json b/2020/6xxx/CVE-2020-6873.json new file mode 100644 index 00000000000..70bc40c02bf --- /dev/null +++ b/2020/6xxx/CVE-2020-6873.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6874.json b/2020/6xxx/CVE-2020-6874.json new file mode 100644 index 00000000000..bbb98bc9b8b --- /dev/null +++ b/2020/6xxx/CVE-2020-6874.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6874", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6875.json b/2020/6xxx/CVE-2020-6875.json new file mode 100644 index 00000000000..5624e8b4bdf --- /dev/null +++ b/2020/6xxx/CVE-2020-6875.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6876.json b/2020/6xxx/CVE-2020-6876.json new file mode 100644 index 00000000000..314f529975f --- /dev/null +++ b/2020/6xxx/CVE-2020-6876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6877.json b/2020/6xxx/CVE-2020-6877.json new file mode 100644 index 00000000000..2f469c32241 --- /dev/null +++ b/2020/6xxx/CVE-2020-6877.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6877", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6878.json b/2020/6xxx/CVE-2020-6878.json new file mode 100644 index 00000000000..e48ff9c4d4f --- /dev/null +++ b/2020/6xxx/CVE-2020-6878.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6878", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6879.json b/2020/6xxx/CVE-2020-6879.json new file mode 100644 index 00000000000..09753145ad9 --- /dev/null +++ b/2020/6xxx/CVE-2020-6879.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6879", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6880.json b/2020/6xxx/CVE-2020-6880.json new file mode 100644 index 00000000000..ec4215c126c --- /dev/null +++ b/2020/6xxx/CVE-2020-6880.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6880", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6881.json b/2020/6xxx/CVE-2020-6881.json new file mode 100644 index 00000000000..c39ea8f661c --- /dev/null +++ b/2020/6xxx/CVE-2020-6881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6882.json b/2020/6xxx/CVE-2020-6882.json new file mode 100644 index 00000000000..dca68b015f1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6882.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6883.json b/2020/6xxx/CVE-2020-6883.json new file mode 100644 index 00000000000..2a08f1ead90 --- /dev/null +++ b/2020/6xxx/CVE-2020-6883.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6883", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6884.json b/2020/6xxx/CVE-2020-6884.json new file mode 100644 index 00000000000..6ea90fdc0e7 --- /dev/null +++ b/2020/6xxx/CVE-2020-6884.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6884", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6885.json b/2020/6xxx/CVE-2020-6885.json new file mode 100644 index 00000000000..325829e7900 --- /dev/null +++ b/2020/6xxx/CVE-2020-6885.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6885", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6886.json b/2020/6xxx/CVE-2020-6886.json new file mode 100644 index 00000000000..1420f2167f3 --- /dev/null +++ b/2020/6xxx/CVE-2020-6886.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6886", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6887.json b/2020/6xxx/CVE-2020-6887.json new file mode 100644 index 00000000000..be0dabf2295 --- /dev/null +++ b/2020/6xxx/CVE-2020-6887.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6888.json b/2020/6xxx/CVE-2020-6888.json new file mode 100644 index 00000000000..bf36d025981 --- /dev/null +++ b/2020/6xxx/CVE-2020-6888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6889.json b/2020/6xxx/CVE-2020-6889.json new file mode 100644 index 00000000000..80446ad2483 --- /dev/null +++ b/2020/6xxx/CVE-2020-6889.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6889", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6890.json b/2020/6xxx/CVE-2020-6890.json new file mode 100644 index 00000000000..b298c0259f0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6890.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6890", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6891.json b/2020/6xxx/CVE-2020-6891.json new file mode 100644 index 00000000000..6ff83d80c0b --- /dev/null +++ b/2020/6xxx/CVE-2020-6891.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6891", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6892.json b/2020/6xxx/CVE-2020-6892.json new file mode 100644 index 00000000000..d834ac8ce75 --- /dev/null +++ b/2020/6xxx/CVE-2020-6892.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6892", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6893.json b/2020/6xxx/CVE-2020-6893.json new file mode 100644 index 00000000000..36617f771f1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6893.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6893", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6894.json b/2020/6xxx/CVE-2020-6894.json new file mode 100644 index 00000000000..da4025fd738 --- /dev/null +++ b/2020/6xxx/CVE-2020-6894.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6894", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6895.json b/2020/6xxx/CVE-2020-6895.json new file mode 100644 index 00000000000..f180a85571e --- /dev/null +++ b/2020/6xxx/CVE-2020-6895.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6896.json b/2020/6xxx/CVE-2020-6896.json new file mode 100644 index 00000000000..9b917bd9db2 --- /dev/null +++ b/2020/6xxx/CVE-2020-6896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6897.json b/2020/6xxx/CVE-2020-6897.json new file mode 100644 index 00000000000..6822a204ebe --- /dev/null +++ b/2020/6xxx/CVE-2020-6897.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6898.json b/2020/6xxx/CVE-2020-6898.json new file mode 100644 index 00000000000..dc836d5c8a0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6899.json b/2020/6xxx/CVE-2020-6899.json new file mode 100644 index 00000000000..73670758199 --- /dev/null +++ b/2020/6xxx/CVE-2020-6899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6900.json b/2020/6xxx/CVE-2020-6900.json new file mode 100644 index 00000000000..93f7d89633c --- /dev/null +++ b/2020/6xxx/CVE-2020-6900.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6901.json b/2020/6xxx/CVE-2020-6901.json new file mode 100644 index 00000000000..ea28e180c75 --- /dev/null +++ b/2020/6xxx/CVE-2020-6901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6902.json b/2020/6xxx/CVE-2020-6902.json new file mode 100644 index 00000000000..9f7049238d4 --- /dev/null +++ b/2020/6xxx/CVE-2020-6902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6903.json b/2020/6xxx/CVE-2020-6903.json new file mode 100644 index 00000000000..4a9f1bebc5a --- /dev/null +++ b/2020/6xxx/CVE-2020-6903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6904.json b/2020/6xxx/CVE-2020-6904.json new file mode 100644 index 00000000000..575b7a79a3f --- /dev/null +++ b/2020/6xxx/CVE-2020-6904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6905.json b/2020/6xxx/CVE-2020-6905.json new file mode 100644 index 00000000000..26d9911c3ac --- /dev/null +++ b/2020/6xxx/CVE-2020-6905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6906.json b/2020/6xxx/CVE-2020-6906.json new file mode 100644 index 00000000000..ea98708dce0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6907.json b/2020/6xxx/CVE-2020-6907.json new file mode 100644 index 00000000000..88a84bd5ca0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6908.json b/2020/6xxx/CVE-2020-6908.json new file mode 100644 index 00000000000..0a7124adae9 --- /dev/null +++ b/2020/6xxx/CVE-2020-6908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6909.json b/2020/6xxx/CVE-2020-6909.json new file mode 100644 index 00000000000..1c6c162f151 --- /dev/null +++ b/2020/6xxx/CVE-2020-6909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6910.json b/2020/6xxx/CVE-2020-6910.json new file mode 100644 index 00000000000..2e2520db9ba --- /dev/null +++ b/2020/6xxx/CVE-2020-6910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6911.json b/2020/6xxx/CVE-2020-6911.json new file mode 100644 index 00000000000..c0e28a7fc6d --- /dev/null +++ b/2020/6xxx/CVE-2020-6911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6912.json b/2020/6xxx/CVE-2020-6912.json new file mode 100644 index 00000000000..38fcf9aa360 --- /dev/null +++ b/2020/6xxx/CVE-2020-6912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6913.json b/2020/6xxx/CVE-2020-6913.json new file mode 100644 index 00000000000..a841c083fb3 --- /dev/null +++ b/2020/6xxx/CVE-2020-6913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6914.json b/2020/6xxx/CVE-2020-6914.json new file mode 100644 index 00000000000..c6f478e3a06 --- /dev/null +++ b/2020/6xxx/CVE-2020-6914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6915.json b/2020/6xxx/CVE-2020-6915.json new file mode 100644 index 00000000000..963fbea586d --- /dev/null +++ b/2020/6xxx/CVE-2020-6915.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6915", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6916.json b/2020/6xxx/CVE-2020-6916.json new file mode 100644 index 00000000000..79701fafddd --- /dev/null +++ b/2020/6xxx/CVE-2020-6916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6917.json b/2020/6xxx/CVE-2020-6917.json new file mode 100644 index 00000000000..0159d81cb0e --- /dev/null +++ b/2020/6xxx/CVE-2020-6917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6918.json b/2020/6xxx/CVE-2020-6918.json new file mode 100644 index 00000000000..03db0ccc1cf --- /dev/null +++ b/2020/6xxx/CVE-2020-6918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6919.json b/2020/6xxx/CVE-2020-6919.json new file mode 100644 index 00000000000..58449b9aa2b --- /dev/null +++ b/2020/6xxx/CVE-2020-6919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6920.json b/2020/6xxx/CVE-2020-6920.json new file mode 100644 index 00000000000..d59871ead96 --- /dev/null +++ b/2020/6xxx/CVE-2020-6920.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6921.json b/2020/6xxx/CVE-2020-6921.json new file mode 100644 index 00000000000..dacddd50071 --- /dev/null +++ b/2020/6xxx/CVE-2020-6921.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6921", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6922.json b/2020/6xxx/CVE-2020-6922.json new file mode 100644 index 00000000000..1ba813819c8 --- /dev/null +++ b/2020/6xxx/CVE-2020-6922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6923.json b/2020/6xxx/CVE-2020-6923.json new file mode 100644 index 00000000000..e80a586bdbb --- /dev/null +++ b/2020/6xxx/CVE-2020-6923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6924.json b/2020/6xxx/CVE-2020-6924.json new file mode 100644 index 00000000000..19e0510306c --- /dev/null +++ b/2020/6xxx/CVE-2020-6924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6925.json b/2020/6xxx/CVE-2020-6925.json new file mode 100644 index 00000000000..6968a4aa902 --- /dev/null +++ b/2020/6xxx/CVE-2020-6925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6926.json b/2020/6xxx/CVE-2020-6926.json new file mode 100644 index 00000000000..4488b67baf8 --- /dev/null +++ b/2020/6xxx/CVE-2020-6926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6927.json b/2020/6xxx/CVE-2020-6927.json new file mode 100644 index 00000000000..e5f46dfa2dd --- /dev/null +++ b/2020/6xxx/CVE-2020-6927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6928.json b/2020/6xxx/CVE-2020-6928.json new file mode 100644 index 00000000000..e2c8e1c672a --- /dev/null +++ b/2020/6xxx/CVE-2020-6928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6929.json b/2020/6xxx/CVE-2020-6929.json new file mode 100644 index 00000000000..ed2362bbf87 --- /dev/null +++ b/2020/6xxx/CVE-2020-6929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6930.json b/2020/6xxx/CVE-2020-6930.json new file mode 100644 index 00000000000..01e34c39931 --- /dev/null +++ b/2020/6xxx/CVE-2020-6930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6931.json b/2020/6xxx/CVE-2020-6931.json new file mode 100644 index 00000000000..902558bf276 --- /dev/null +++ b/2020/6xxx/CVE-2020-6931.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6931", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6932.json b/2020/6xxx/CVE-2020-6932.json new file mode 100644 index 00000000000..d183e71007d --- /dev/null +++ b/2020/6xxx/CVE-2020-6932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6933.json b/2020/6xxx/CVE-2020-6933.json new file mode 100644 index 00000000000..2530bb6adb1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6934.json b/2020/6xxx/CVE-2020-6934.json new file mode 100644 index 00000000000..9408e0bf111 --- /dev/null +++ b/2020/6xxx/CVE-2020-6934.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6934", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6935.json b/2020/6xxx/CVE-2020-6935.json new file mode 100644 index 00000000000..631069052c5 --- /dev/null +++ b/2020/6xxx/CVE-2020-6935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6936.json b/2020/6xxx/CVE-2020-6936.json new file mode 100644 index 00000000000..1e5fdbe5342 --- /dev/null +++ b/2020/6xxx/CVE-2020-6936.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6936", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6937.json b/2020/6xxx/CVE-2020-6937.json new file mode 100644 index 00000000000..8eb76d190c8 --- /dev/null +++ b/2020/6xxx/CVE-2020-6937.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6937", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6938.json b/2020/6xxx/CVE-2020-6938.json new file mode 100644 index 00000000000..93a6e0e384d --- /dev/null +++ b/2020/6xxx/CVE-2020-6938.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6938", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6939.json b/2020/6xxx/CVE-2020-6939.json new file mode 100644 index 00000000000..ee632bcebd1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6939.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6939", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6940.json b/2020/6xxx/CVE-2020-6940.json new file mode 100644 index 00000000000..c044a95884b --- /dev/null +++ b/2020/6xxx/CVE-2020-6940.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6940", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6941.json b/2020/6xxx/CVE-2020-6941.json new file mode 100644 index 00000000000..1c7a0c9e4b8 --- /dev/null +++ b/2020/6xxx/CVE-2020-6941.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6941", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6942.json b/2020/6xxx/CVE-2020-6942.json new file mode 100644 index 00000000000..127cfe9fe59 --- /dev/null +++ b/2020/6xxx/CVE-2020-6942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6943.json b/2020/6xxx/CVE-2020-6943.json new file mode 100644 index 00000000000..5578bbe8bf0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6943.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6944.json b/2020/6xxx/CVE-2020-6944.json new file mode 100644 index 00000000000..8ef5cc17d54 --- /dev/null +++ b/2020/6xxx/CVE-2020-6944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6945.json b/2020/6xxx/CVE-2020-6945.json new file mode 100644 index 00000000000..4bb606f2d62 --- /dev/null +++ b/2020/6xxx/CVE-2020-6945.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6945", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6946.json b/2020/6xxx/CVE-2020-6946.json new file mode 100644 index 00000000000..fc87b6ba3a7 --- /dev/null +++ b/2020/6xxx/CVE-2020-6946.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6946", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6947.json b/2020/6xxx/CVE-2020-6947.json new file mode 100644 index 00000000000..b2ad65a155c --- /dev/null +++ b/2020/6xxx/CVE-2020-6947.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6947", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6948.json b/2020/6xxx/CVE-2020-6948.json new file mode 100644 index 00000000000..9446c72ee7c --- /dev/null +++ b/2020/6xxx/CVE-2020-6948.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6948", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution issue was discovered in HashBrown CMS through 1.3.3. Server/Entity/Deployer/GitDeployer.js has a Service.AppService.exec call that mishandles the URL, repository, username, and password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HashBrownCMS/hashbrown-cms/issues/326", + "refsource": "MISC", + "name": "https://github.com/HashBrownCMS/hashbrown-cms/issues/326" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6949.json b/2020/6xxx/CVE-2020-6949.json new file mode 100644 index 00000000000..a200571dbae --- /dev/null +++ b/2020/6xxx/CVE-2020-6949.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation issue was discovered in the postUser function in HashBrown CMS through 1.3.3. An editor user can change the password hash of an admin user's account, or otherwise reconfigure that account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/HashBrownCMS/hashbrown-cms/issues/327", + "refsource": "MISC", + "name": "https://github.com/HashBrownCMS/hashbrown-cms/issues/327" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6950.json b/2020/6xxx/CVE-2020-6950.json new file mode 100644 index 00000000000..4ec9acd9cff --- /dev/null +++ b/2020/6xxx/CVE-2020-6950.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6950", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6951.json b/2020/6xxx/CVE-2020-6951.json new file mode 100644 index 00000000000..541d3f7c58f --- /dev/null +++ b/2020/6xxx/CVE-2020-6951.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6951", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6952.json b/2020/6xxx/CVE-2020-6952.json new file mode 100644 index 00000000000..d8cff8656ab --- /dev/null +++ b/2020/6xxx/CVE-2020-6952.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6952", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6953.json b/2020/6xxx/CVE-2020-6953.json new file mode 100644 index 00000000000..5a584f82415 --- /dev/null +++ b/2020/6xxx/CVE-2020-6953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6954.json b/2020/6xxx/CVE-2020-6954.json new file mode 100644 index 00000000000..acde1d41515 --- /dev/null +++ b/2020/6xxx/CVE-2020-6954.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Cayin SMP-PRO4 devices. A user can discover a saved password by viewing the URL after a Connection String Test. This password is shown in the webpass parameter of a media_folder.cgi?apply_mode=ping_server URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html", + "refsource": "MISC", + "name": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6955.json b/2020/6xxx/CVE-2020-6955.json new file mode 100644 index 00000000000..05988672455 --- /dev/null +++ b/2020/6xxx/CVE-2020-6955.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Cayin SMP-PRO4 devices. They allow image_preview.html?filename= reflected XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html", + "refsource": "MISC", + "name": "https://nileshsapariya.blogspot.com/2020/01/cayin-smp-pro4-signage-media-player.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6956.json b/2020/6xxx/CVE-2020-6956.json new file mode 100644 index 00000000000..01b23c64fdb --- /dev/null +++ b/2020/6xxx/CVE-2020-6956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6957.json b/2020/6xxx/CVE-2020-6957.json new file mode 100644 index 00000000000..015ab0ea602 --- /dev/null +++ b/2020/6xxx/CVE-2020-6957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6958.json b/2020/6xxx/CVE-2020-6958.json new file mode 100644 index 00000000000..a30703436e5 --- /dev/null +++ b/2020/6xxx/CVE-2020-6958.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-6958", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sourceforge.net/p/yajsw/bugs/166/", + "refsource": "MISC", + "name": "https://sourceforge.net/p/yajsw/bugs/166/" + }, + { + "url": "https://github.com/NationalSecurityAgency/ghidra/issues/943", + "refsource": "MISC", + "name": "https://github.com/NationalSecurityAgency/ghidra/issues/943" + }, + { + "url": "https://github.com/purpleracc00n/Exploits-and-PoC/blob/master/XXE%20in%20YAJSW%E2%80%99s%20JnlpSupport%20affects%20Ghidra%20Server.md", + "refsource": "MISC", + "name": "https://github.com/purpleracc00n/Exploits-and-PoC/blob/master/XXE%20in%20YAJSW%E2%80%99s%20JnlpSupport%20affects%20Ghidra%20Server.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6959.json b/2020/6xxx/CVE-2020-6959.json new file mode 100644 index 00000000000..6bf5e85aab2 --- /dev/null +++ b/2020/6xxx/CVE-2020-6959.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6959", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honeywell Maxpro VMS & NVR", + "version": { + "version_data": [ + { + "version_value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DESERIALIZATION OF UNTRUSTED DATA CWE-502" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch are vulnerable to an unsafe deserialization of untrusted data. An attacker may be able to remotely modify deserialized data without authentication using a specially crafted web request, resulting in remote code execution." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6960.json b/2020/6xxx/CVE-2020-6960.json new file mode 100644 index 00000000000..5fb854ea313 --- /dev/null +++ b/2020/6xxx/CVE-2020-6960.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6960", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Honeywell Maxpro VMS & NVR", + "version": { + "version_data": [ + { + "version_value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND CWE-89" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01", + "url": "https://www.us-cert.gov/ics/advisories/icsa-20-021-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prior to Version VMS560 Build 595 T2-Patch, HNMSWVMSLT prior to Version VMS560 Build 595 T2-Patch, MAXPRO NVR: MAXPRO NVR XE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR SE prior to Version NVR 5.6 Build 595 T2-Patch, MAXPRO NVR PE prior to Version NVR 5.6 Build 595 T2-Patch, and MPNVRSWXX prior to Version NVR 5.6 Build 595 T2-Patch contain an SQL injection vulnerability that could give an attacker remote unauthenticated access to the web user interface with administrator-level privileges." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6961.json b/2020/6xxx/CVE-2020-6961.json new file mode 100644 index 00000000000..d695e1fa001 --- /dev/null +++ b/2020/6xxx/CVE-2020-6961.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6961", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNPROTECTED STORAGE OF CREDENTIALS CWE-256" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X, a vulnerability exists in the affected products that could allow an attacker to obtain access to the SSH private key in configuration files." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6962.json b/2020/6xxx/CVE-2020-6962.json new file mode 100644 index 00000000000..723e4777d6b --- /dev/null +++ b/2020/6xxx/CVE-2020-6962.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6962", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server,v4.2 & prior,Clinical Information Center,v4.X & 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Telemetry Server Version 4.3, CARESCAPE Central Station (CSCS) Versions 1.X CARESCAPE Central Station (CSCS) Versions 2.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, an input validation vulnerability exists in the web-based system configuration utility that could allow an attacker to obtain arbitrary remote code execution." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6963.json b/2020/6xxx/CVE-2020-6963.json new file mode 100644 index 00000000000..2747430bf7b --- /dev/null +++ b/2020/6xxx/CVE-2020-6963.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6963", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "USE OF HARD-CODED CREDENTIALS CWE-798" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilized hard coded SMB credentials, which may allow an attacker to remotely execute arbitrary code." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6964.json b/2020/6xxx/CVE-2020-6964.json new file mode 100644 index 00000000000..e3bf8c83318 --- /dev/null +++ b/2020/6xxx/CVE-2020-6964.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6964", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X and CARESCAPE Central Station (CSCS) Versions 2.X, the integrated service for keyboard switching of the affected devices could allow attackers to obtain remote keyboard input access without authentication over the network." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6965.json b/2020/6xxx/CVE-2020-6965.json new file mode 100644 index 00000000000..6120058acdf --- /dev/null +++ b/2020/6xxx/CVE-2020-6965.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6965", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, B450 Version 2.X, B650 Version 1.X, B650 Version 2.X, B850 Version 1.X, B850 Version 2.X, a vulnerability in the software update mechanism allows an authenticated attacker to upload arbitrary files on the system through a crafted update package." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6966.json b/2020/6xxx/CVE-2020-6966.json new file mode 100644 index 00000000000..5b08c3f0213 --- /dev/null +++ b/2020/6xxx/CVE-2020-6966.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6966", + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "GE CARESCAPE Telemetry Server,ApexPro Telemetry Server,CARESCAPE Central Station,Clinical Information Center systems,CARESCAPE B450,B650,B850 Monitors", + "version": { + "version_data": [ + { + "version_value": "ApexPro Telemetry Server,v4.2 & prior,CARESCAPE Telemetry Server, v4.2 & prior,Clinical Information Center,v4.X& 5.X,CARESCAPE Telemetry Server,v4.3,CARESCAPE Central Station,v1.X,CARESCAPE Central Station,v2.X,B450,v2.X,B650,v1.X,B650,v2.X,B850,v1.X,B850,v2.X" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01", + "url": "https://www.us-cert.gov/ics/advisories/icsma-20-023-01" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Versions 4.X and 5.X, CARESCAPE Central Station (CSCS) Versions 1.X, the affected products utilize a weak encryption scheme for remote desktop control, which may allow an attacker to obtain remote code execution of devices on the network." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6967.json b/2020/6xxx/CVE-2020-6967.json new file mode 100644 index 00000000000..dc91cebb83d --- /dev/null +++ b/2020/6xxx/CVE-2020-6967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6968.json b/2020/6xxx/CVE-2020-6968.json new file mode 100644 index 00000000000..f7d07456c20 --- /dev/null +++ b/2020/6xxx/CVE-2020-6968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6969.json b/2020/6xxx/CVE-2020-6969.json new file mode 100644 index 00000000000..2d55439c0dd --- /dev/null +++ b/2020/6xxx/CVE-2020-6969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6970.json b/2020/6xxx/CVE-2020-6970.json new file mode 100644 index 00000000000..d0e520f40e6 --- /dev/null +++ b/2020/6xxx/CVE-2020-6970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6971.json b/2020/6xxx/CVE-2020-6971.json new file mode 100644 index 00000000000..d2f712f67c0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6972.json b/2020/6xxx/CVE-2020-6972.json new file mode 100644 index 00000000000..cd76b5b354e --- /dev/null +++ b/2020/6xxx/CVE-2020-6972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6973.json b/2020/6xxx/CVE-2020-6973.json new file mode 100644 index 00000000000..d6bb6f1eaed --- /dev/null +++ b/2020/6xxx/CVE-2020-6973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6974.json b/2020/6xxx/CVE-2020-6974.json new file mode 100644 index 00000000000..4435e0b2099 --- /dev/null +++ b/2020/6xxx/CVE-2020-6974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6975.json b/2020/6xxx/CVE-2020-6975.json new file mode 100644 index 00000000000..1c7fc00d56d --- /dev/null +++ b/2020/6xxx/CVE-2020-6975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6976.json b/2020/6xxx/CVE-2020-6976.json new file mode 100644 index 00000000000..92df4487579 --- /dev/null +++ b/2020/6xxx/CVE-2020-6976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6977.json b/2020/6xxx/CVE-2020-6977.json new file mode 100644 index 00000000000..3b6da9ce0e0 --- /dev/null +++ b/2020/6xxx/CVE-2020-6977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6978.json b/2020/6xxx/CVE-2020-6978.json new file mode 100644 index 00000000000..ec1419552fc --- /dev/null +++ b/2020/6xxx/CVE-2020-6978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6979.json b/2020/6xxx/CVE-2020-6979.json new file mode 100644 index 00000000000..7e9b39749fb --- /dev/null +++ b/2020/6xxx/CVE-2020-6979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6980.json b/2020/6xxx/CVE-2020-6980.json new file mode 100644 index 00000000000..ee880b02bc4 --- /dev/null +++ b/2020/6xxx/CVE-2020-6980.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6980", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6981.json b/2020/6xxx/CVE-2020-6981.json new file mode 100644 index 00000000000..9b117f7cf74 --- /dev/null +++ b/2020/6xxx/CVE-2020-6981.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6981", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6982.json b/2020/6xxx/CVE-2020-6982.json new file mode 100644 index 00000000000..ce966e804a2 --- /dev/null +++ b/2020/6xxx/CVE-2020-6982.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6982", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6983.json b/2020/6xxx/CVE-2020-6983.json new file mode 100644 index 00000000000..ea6abfcaa61 --- /dev/null +++ b/2020/6xxx/CVE-2020-6983.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6983", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6984.json b/2020/6xxx/CVE-2020-6984.json new file mode 100644 index 00000000000..be2201da4bf --- /dev/null +++ b/2020/6xxx/CVE-2020-6984.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6984", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6985.json b/2020/6xxx/CVE-2020-6985.json new file mode 100644 index 00000000000..72382b17dfa --- /dev/null +++ b/2020/6xxx/CVE-2020-6985.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6986.json b/2020/6xxx/CVE-2020-6986.json new file mode 100644 index 00000000000..1ff9d0ccf1b --- /dev/null +++ b/2020/6xxx/CVE-2020-6986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6987.json b/2020/6xxx/CVE-2020-6987.json new file mode 100644 index 00000000000..34f2b82cbc5 --- /dev/null +++ b/2020/6xxx/CVE-2020-6987.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6988.json b/2020/6xxx/CVE-2020-6988.json new file mode 100644 index 00000000000..83979b85986 --- /dev/null +++ b/2020/6xxx/CVE-2020-6988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6989.json b/2020/6xxx/CVE-2020-6989.json new file mode 100644 index 00000000000..120fb0f25e1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6989.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6989", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6990.json b/2020/6xxx/CVE-2020-6990.json new file mode 100644 index 00000000000..b8895564d4d --- /dev/null +++ b/2020/6xxx/CVE-2020-6990.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6990", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6991.json b/2020/6xxx/CVE-2020-6991.json new file mode 100644 index 00000000000..dbd0d4e9f8d --- /dev/null +++ b/2020/6xxx/CVE-2020-6991.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6991", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6992.json b/2020/6xxx/CVE-2020-6992.json new file mode 100644 index 00000000000..8e2bdf89727 --- /dev/null +++ b/2020/6xxx/CVE-2020-6992.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6992", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6993.json b/2020/6xxx/CVE-2020-6993.json new file mode 100644 index 00000000000..2b9c5045a56 --- /dev/null +++ b/2020/6xxx/CVE-2020-6993.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6993", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6994.json b/2020/6xxx/CVE-2020-6994.json new file mode 100644 index 00000000000..2ee16e3586d --- /dev/null +++ b/2020/6xxx/CVE-2020-6994.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6994", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6995.json b/2020/6xxx/CVE-2020-6995.json new file mode 100644 index 00000000000..94ba54567d1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6995.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6995", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6996.json b/2020/6xxx/CVE-2020-6996.json new file mode 100644 index 00000000000..db0f6e2584f --- /dev/null +++ b/2020/6xxx/CVE-2020-6996.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6996", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6997.json b/2020/6xxx/CVE-2020-6997.json new file mode 100644 index 00000000000..3b0d8a35beb --- /dev/null +++ b/2020/6xxx/CVE-2020-6997.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6997", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6998.json b/2020/6xxx/CVE-2020-6998.json new file mode 100644 index 00000000000..66027bfa617 --- /dev/null +++ b/2020/6xxx/CVE-2020-6998.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6998", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/6xxx/CVE-2020-6999.json b/2020/6xxx/CVE-2020-6999.json new file mode 100644 index 00000000000..ffc71fe75a1 --- /dev/null +++ b/2020/6xxx/CVE-2020-6999.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-6999", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7000.json b/2020/7xxx/CVE-2020-7000.json new file mode 100644 index 00000000000..318b113b67c --- /dev/null +++ b/2020/7xxx/CVE-2020-7000.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7000", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7001.json b/2020/7xxx/CVE-2020-7001.json new file mode 100644 index 00000000000..adb8dc30ad1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7001.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7001", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7002.json b/2020/7xxx/CVE-2020-7002.json new file mode 100644 index 00000000000..b87db4d9b1f --- /dev/null +++ b/2020/7xxx/CVE-2020-7002.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7002", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7003.json b/2020/7xxx/CVE-2020-7003.json new file mode 100644 index 00000000000..a02097847b2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7003.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7003", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7004.json b/2020/7xxx/CVE-2020-7004.json new file mode 100644 index 00000000000..ab31f85c24a --- /dev/null +++ b/2020/7xxx/CVE-2020-7004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7005.json b/2020/7xxx/CVE-2020-7005.json new file mode 100644 index 00000000000..bf401e4b649 --- /dev/null +++ b/2020/7xxx/CVE-2020-7005.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7006.json b/2020/7xxx/CVE-2020-7006.json new file mode 100644 index 00000000000..0c024fd2279 --- /dev/null +++ b/2020/7xxx/CVE-2020-7006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7007.json b/2020/7xxx/CVE-2020-7007.json new file mode 100644 index 00000000000..4df8d592ae1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7008.json b/2020/7xxx/CVE-2020-7008.json new file mode 100644 index 00000000000..42d4f722cb0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7009.json b/2020/7xxx/CVE-2020-7009.json new file mode 100644 index 00000000000..9809d6dfde2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7009.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7009", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7010.json b/2020/7xxx/CVE-2020-7010.json new file mode 100644 index 00000000000..2f36bbb948c --- /dev/null +++ b/2020/7xxx/CVE-2020-7010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7011.json b/2020/7xxx/CVE-2020-7011.json new file mode 100644 index 00000000000..0458078d163 --- /dev/null +++ b/2020/7xxx/CVE-2020-7011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7012.json b/2020/7xxx/CVE-2020-7012.json new file mode 100644 index 00000000000..35e1ea5c7d0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7013.json b/2020/7xxx/CVE-2020-7013.json new file mode 100644 index 00000000000..9d3768df8e7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7014.json b/2020/7xxx/CVE-2020-7014.json new file mode 100644 index 00000000000..a6288862908 --- /dev/null +++ b/2020/7xxx/CVE-2020-7014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7015.json b/2020/7xxx/CVE-2020-7015.json new file mode 100644 index 00000000000..8d321ca3845 --- /dev/null +++ b/2020/7xxx/CVE-2020-7015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7016.json b/2020/7xxx/CVE-2020-7016.json new file mode 100644 index 00000000000..b59e0e1a9b6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7017.json b/2020/7xxx/CVE-2020-7017.json new file mode 100644 index 00000000000..f008e79af7c --- /dev/null +++ b/2020/7xxx/CVE-2020-7017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7018.json b/2020/7xxx/CVE-2020-7018.json new file mode 100644 index 00000000000..c172a92f464 --- /dev/null +++ b/2020/7xxx/CVE-2020-7018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7019.json b/2020/7xxx/CVE-2020-7019.json new file mode 100644 index 00000000000..bc2321ca583 --- /dev/null +++ b/2020/7xxx/CVE-2020-7019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7020.json b/2020/7xxx/CVE-2020-7020.json new file mode 100644 index 00000000000..1f0d2b1f9a8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7021.json b/2020/7xxx/CVE-2020-7021.json new file mode 100644 index 00000000000..1cfdb93009b --- /dev/null +++ b/2020/7xxx/CVE-2020-7021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7022.json b/2020/7xxx/CVE-2020-7022.json new file mode 100644 index 00000000000..a3430bda1ce --- /dev/null +++ b/2020/7xxx/CVE-2020-7022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7023.json b/2020/7xxx/CVE-2020-7023.json new file mode 100644 index 00000000000..16810c2ee20 --- /dev/null +++ b/2020/7xxx/CVE-2020-7023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7024.json b/2020/7xxx/CVE-2020-7024.json new file mode 100644 index 00000000000..1139f545007 --- /dev/null +++ b/2020/7xxx/CVE-2020-7024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7025.json b/2020/7xxx/CVE-2020-7025.json new file mode 100644 index 00000000000..ba39c559d84 --- /dev/null +++ b/2020/7xxx/CVE-2020-7025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7026.json b/2020/7xxx/CVE-2020-7026.json new file mode 100644 index 00000000000..74cb1cf3214 --- /dev/null +++ b/2020/7xxx/CVE-2020-7026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7027.json b/2020/7xxx/CVE-2020-7027.json new file mode 100644 index 00000000000..32d26142396 --- /dev/null +++ b/2020/7xxx/CVE-2020-7027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7028.json b/2020/7xxx/CVE-2020-7028.json new file mode 100644 index 00000000000..611c41597d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7029.json b/2020/7xxx/CVE-2020-7029.json new file mode 100644 index 00000000000..a4d7a582686 --- /dev/null +++ b/2020/7xxx/CVE-2020-7029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7030.json b/2020/7xxx/CVE-2020-7030.json new file mode 100644 index 00000000000..a70ade5ec75 --- /dev/null +++ b/2020/7xxx/CVE-2020-7030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7031.json b/2020/7xxx/CVE-2020-7031.json new file mode 100644 index 00000000000..acea84e1473 --- /dev/null +++ b/2020/7xxx/CVE-2020-7031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7032.json b/2020/7xxx/CVE-2020-7032.json new file mode 100644 index 00000000000..118ec9d8752 --- /dev/null +++ b/2020/7xxx/CVE-2020-7032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7033.json b/2020/7xxx/CVE-2020-7033.json new file mode 100644 index 00000000000..8dd3ce33eaf --- /dev/null +++ b/2020/7xxx/CVE-2020-7033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7034.json b/2020/7xxx/CVE-2020-7034.json new file mode 100644 index 00000000000..e3b340d61e2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7035.json b/2020/7xxx/CVE-2020-7035.json new file mode 100644 index 00000000000..40c9a0c263b --- /dev/null +++ b/2020/7xxx/CVE-2020-7035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7036.json b/2020/7xxx/CVE-2020-7036.json new file mode 100644 index 00000000000..de1501b6679 --- /dev/null +++ b/2020/7xxx/CVE-2020-7036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7037.json b/2020/7xxx/CVE-2020-7037.json new file mode 100644 index 00000000000..0329501586e --- /dev/null +++ b/2020/7xxx/CVE-2020-7037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7038.json b/2020/7xxx/CVE-2020-7038.json new file mode 100644 index 00000000000..a794aaf51bf --- /dev/null +++ b/2020/7xxx/CVE-2020-7038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7039.json b/2020/7xxx/CVE-2020-7039.json new file mode 100644 index 00000000000..2f91372d414 --- /dev/null +++ b/2020/7xxx/CVE-2020-7039.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9" + }, + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80" + }, + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289" + }, + { + "refsource": "CONFIRM", + "name": "http://www.openwall.com/lists/oss-security/2020/01/16/2", + "url": "http://www.openwall.com/lists/oss-security/2020/01/16/2" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200126 [SECURITY] [DLA 2076-1] slirp security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00022.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7040.json b/2020/7xxx/CVE-2020-7040.json new file mode 100644 index 00000000000..74bbdcb66f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7040.json @@ -0,0 +1,92 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-7040" + }, + { + "refsource": "MISC", + "name": "http://www.openwall.com/lists/oss-security/2020/01/20/3", + "url": "http://www.openwall.com/lists/oss-security/2020/01/20/3" + }, + { + "refsource": "MLIST", + "name": "[oss-security] CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "https://seclists.org/oss-sec/2020/q1/20" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200121 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/21/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/22/2" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200122 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/22/3" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200123 Re: CVE-2020-7040: storeBackup: denial of service and symlink attack vector via fixed lockfile path /tmp/storeBackup.lock", + "url": "http://www.openwall.com/lists/oss-security/2020/01/23/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7041.json b/2020/7xxx/CVE-2020-7041.json new file mode 100644 index 00000000000..4c29c53d5b2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7042.json b/2020/7xxx/CVE-2020-7042.json new file mode 100644 index 00000000000..2278922595c --- /dev/null +++ b/2020/7xxx/CVE-2020-7042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7043.json b/2020/7xxx/CVE-2020-7043.json new file mode 100644 index 00000000000..ecb7111058f --- /dev/null +++ b/2020/7xxx/CVE-2020-7043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7044.json b/2020/7xxx/CVE-2020-7044.json new file mode 100644 index 00000000000..38635ac7da8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7044.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7044", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324", + "refsource": "MISC", + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324" + }, + { + "url": "https://www.wireshark.org/security/wnpa-sec-2020-01.html", + "refsource": "MISC", + "name": "https://www.wireshark.org/security/wnpa-sec-2020-01.html" + }, + { + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03", + "refsource": "MISC", + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7045.json b/2020/7xxx/CVE-2020-7045.json new file mode 100644 index 00000000000..d8b32999f52 --- /dev/null +++ b/2020/7xxx/CVE-2020-7045.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7045", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258", + "refsource": "MISC", + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258" + }, + { + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d", + "refsource": "MISC", + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d" + }, + { + "refsource": "MISC", + "name": "https://www.wireshark.org/security/wnpa-sec-2020-02.html", + "url": "https://www.wireshark.org/security/wnpa-sec-2020-02.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7046.json b/2020/7xxx/CVE-2020-7046.json new file mode 100644 index 00000000000..aee66cf6ac7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7047.json b/2020/7xxx/CVE-2020-7047.json new file mode 100644 index 00000000000..c0d7ab2d2fd --- /dev/null +++ b/2020/7xxx/CVE-2020-7047.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7047", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wordpress-database-reset/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wordpress-database-reset/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10028", + "url": "https://wpvulndb.com/vulnerabilities/10028" + }, + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/", + "url": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7048.json b/2020/7xxx/CVE-2020-7048.json new file mode 100644 index 00000000000..50d34c4bedd --- /dev/null +++ b/2020/7xxx/CVE-2020-7048.json @@ -0,0 +1,86 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7048", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticated user to reset any table in the database to the initial WordPress set-up state (deleting all site content stored in that table), as demonstrated by a wp-admin/admin-post.php?db-reset-tables[]=comments URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wordpress-database-reset/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wordpress-database-reset/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10027", + "url": "https://wpvulndb.com/vulnerabilities/10027" + }, + { + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/", + "url": "https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin/" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:N/I:H/PR:N/S:U/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7049.json b/2020/7xxx/CVE-2020-7049.json new file mode 100644 index 00000000000..0bde58e845a --- /dev/null +++ b/2020/7xxx/CVE-2020-7049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7050.json b/2020/7xxx/CVE-2020-7050.json new file mode 100644 index 00000000000..5e2daa9bfdd --- /dev/null +++ b/2020/7xxx/CVE-2020-7050.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7051.json b/2020/7xxx/CVE-2020-7051.json new file mode 100644 index 00000000000..5a3689796d1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7052.json b/2020/7xxx/CVE-2020-7052.json new file mode 100644 index 00000000000..67e45171233 --- /dev/null +++ b/2020/7xxx/CVE-2020-7052.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7052", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation which can result in a remote denial of service condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.tenable.com/security/research/tra-2020-04", + "url": "https://www.tenable.com/security/research/tra-2020-04" + }, + { + "refsource": "CONFIRM", + "name": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=", + "url": "https://customers.codesys.com/index.php?eID=dumpFile&t=f&f=12977&token=33f948eed0c2fd69d238d9515779be337ef7592d&download=" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7053.json b/2020/7xxx/CVE-2020-7053.json new file mode 100644 index 00000000000..7803e706c67 --- /dev/null +++ b/2020/7xxx/CVE-2020-7053.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7053", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com", + "refsource": "MISC", + "name": "https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com" + }, + { + "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2", + "refsource": "MISC", + "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2" + }, + { + "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310", + "refsource": "MISC", + "name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310" + }, + { + "refsource": "CONFIRM", + "name": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522", + "url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7054.json b/2020/7xxx/CVE-2020-7054.json new file mode 100644 index 00000000000..32478340ce0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7054.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mz-automation/libiec61850/issues/200", + "refsource": "MISC", + "name": "https://github.com/mz-automation/libiec61850/issues/200" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7055.json b/2020/7xxx/CVE-2020-7055.json new file mode 100644 index 00000000000..3fae0270607 --- /dev/null +++ b/2020/7xxx/CVE-2020-7055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7056.json b/2020/7xxx/CVE-2020-7056.json new file mode 100644 index 00000000000..203919e9982 --- /dev/null +++ b/2020/7xxx/CVE-2020-7056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7057.json b/2020/7xxx/CVE-2020-7057.json new file mode 100644 index 00000000000..3d653cc2331 --- /dev/null +++ b/2020/7xxx/CVE-2020-7057.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7057", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are allowed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html", + "url": "https://sku11army.blogspot.com/2020/01/hikvision-dvr-ds-7204hghi-user.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7058.json b/2020/7xxx/CVE-2020-7058.json new file mode 100644 index 00000000000..febc642ac5a --- /dev/null +++ b/2020/7xxx/CVE-2020-7058.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collection -> Data Input Methods -> Unix -> Ping Host. NOTE: the vendor has stated \"This is a false alarm.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/issues/3186", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/issues/3186" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7059.json b/2020/7xxx/CVE-2020-7059.json new file mode 100644 index 00000000000..d69faee854d --- /dev/null +++ b/2020/7xxx/CVE-2020-7059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7060.json b/2020/7xxx/CVE-2020-7060.json new file mode 100644 index 00000000000..d4a162e2587 --- /dev/null +++ b/2020/7xxx/CVE-2020-7060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7061.json b/2020/7xxx/CVE-2020-7061.json new file mode 100644 index 00000000000..defe4b05d58 --- /dev/null +++ b/2020/7xxx/CVE-2020-7061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7062.json b/2020/7xxx/CVE-2020-7062.json new file mode 100644 index 00000000000..0b2c29e0e4d --- /dev/null +++ b/2020/7xxx/CVE-2020-7062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7063.json b/2020/7xxx/CVE-2020-7063.json new file mode 100644 index 00000000000..1ffaa480240 --- /dev/null +++ b/2020/7xxx/CVE-2020-7063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7064.json b/2020/7xxx/CVE-2020-7064.json new file mode 100644 index 00000000000..5c3d8c3e0b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7065.json b/2020/7xxx/CVE-2020-7065.json new file mode 100644 index 00000000000..10c88d8a84c --- /dev/null +++ b/2020/7xxx/CVE-2020-7065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7066.json b/2020/7xxx/CVE-2020-7066.json new file mode 100644 index 00000000000..6a5b31dda5a --- /dev/null +++ b/2020/7xxx/CVE-2020-7066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7067.json b/2020/7xxx/CVE-2020-7067.json new file mode 100644 index 00000000000..c4884bbc437 --- /dev/null +++ b/2020/7xxx/CVE-2020-7067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7068.json b/2020/7xxx/CVE-2020-7068.json new file mode 100644 index 00000000000..4ea09887121 --- /dev/null +++ b/2020/7xxx/CVE-2020-7068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7069.json b/2020/7xxx/CVE-2020-7069.json new file mode 100644 index 00000000000..fc60e4259b3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7070.json b/2020/7xxx/CVE-2020-7070.json new file mode 100644 index 00000000000..c1f97d11d8b --- /dev/null +++ b/2020/7xxx/CVE-2020-7070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7071.json b/2020/7xxx/CVE-2020-7071.json new file mode 100644 index 00000000000..e584ee1bd52 --- /dev/null +++ b/2020/7xxx/CVE-2020-7071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7072.json b/2020/7xxx/CVE-2020-7072.json new file mode 100644 index 00000000000..99f989602e1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7073.json b/2020/7xxx/CVE-2020-7073.json new file mode 100644 index 00000000000..d1dc5d96bd4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7074.json b/2020/7xxx/CVE-2020-7074.json new file mode 100644 index 00000000000..e4b29e9d4fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7075.json b/2020/7xxx/CVE-2020-7075.json new file mode 100644 index 00000000000..9ecb576e0e9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7076.json b/2020/7xxx/CVE-2020-7076.json new file mode 100644 index 00000000000..cf446bde3a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7077.json b/2020/7xxx/CVE-2020-7077.json new file mode 100644 index 00000000000..bc538ee73d6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7078.json b/2020/7xxx/CVE-2020-7078.json new file mode 100644 index 00000000000..6abf2387022 --- /dev/null +++ b/2020/7xxx/CVE-2020-7078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7079.json b/2020/7xxx/CVE-2020-7079.json new file mode 100644 index 00000000000..dcbea65f30b --- /dev/null +++ b/2020/7xxx/CVE-2020-7079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7080.json b/2020/7xxx/CVE-2020-7080.json new file mode 100644 index 00000000000..4bbc9323729 --- /dev/null +++ b/2020/7xxx/CVE-2020-7080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7081.json b/2020/7xxx/CVE-2020-7081.json new file mode 100644 index 00000000000..af7a871c596 --- /dev/null +++ b/2020/7xxx/CVE-2020-7081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7082.json b/2020/7xxx/CVE-2020-7082.json new file mode 100644 index 00000000000..d7260b69fb5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7083.json b/2020/7xxx/CVE-2020-7083.json new file mode 100644 index 00000000000..32686fe247a --- /dev/null +++ b/2020/7xxx/CVE-2020-7083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7084.json b/2020/7xxx/CVE-2020-7084.json new file mode 100644 index 00000000000..bccf9a467c2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7085.json b/2020/7xxx/CVE-2020-7085.json new file mode 100644 index 00000000000..0fff041adc4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7086.json b/2020/7xxx/CVE-2020-7086.json new file mode 100644 index 00000000000..174ba247c24 --- /dev/null +++ b/2020/7xxx/CVE-2020-7086.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7086", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7087.json b/2020/7xxx/CVE-2020-7087.json new file mode 100644 index 00000000000..53db4474591 --- /dev/null +++ b/2020/7xxx/CVE-2020-7087.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7087", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7088.json b/2020/7xxx/CVE-2020-7088.json new file mode 100644 index 00000000000..5401ad850b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7088.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7088", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7089.json b/2020/7xxx/CVE-2020-7089.json new file mode 100644 index 00000000000..80231727dd3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7090.json b/2020/7xxx/CVE-2020-7090.json new file mode 100644 index 00000000000..07ace67932f --- /dev/null +++ b/2020/7xxx/CVE-2020-7090.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7090", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7091.json b/2020/7xxx/CVE-2020-7091.json new file mode 100644 index 00000000000..5ab21a6b222 --- /dev/null +++ b/2020/7xxx/CVE-2020-7091.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7091", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7092.json b/2020/7xxx/CVE-2020-7092.json new file mode 100644 index 00000000000..034c95deee5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7093.json b/2020/7xxx/CVE-2020-7093.json new file mode 100644 index 00000000000..fafb979aaa4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7094.json b/2020/7xxx/CVE-2020-7094.json new file mode 100644 index 00000000000..6e5314b7e91 --- /dev/null +++ b/2020/7xxx/CVE-2020-7094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7095.json b/2020/7xxx/CVE-2020-7095.json new file mode 100644 index 00000000000..eb87a89aa8c --- /dev/null +++ b/2020/7xxx/CVE-2020-7095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7096.json b/2020/7xxx/CVE-2020-7096.json new file mode 100644 index 00000000000..b02c1ed5a42 --- /dev/null +++ b/2020/7xxx/CVE-2020-7096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7097.json b/2020/7xxx/CVE-2020-7097.json new file mode 100644 index 00000000000..ca75d0af2e1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7098.json b/2020/7xxx/CVE-2020-7098.json new file mode 100644 index 00000000000..e93580d2a04 --- /dev/null +++ b/2020/7xxx/CVE-2020-7098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7099.json b/2020/7xxx/CVE-2020-7099.json new file mode 100644 index 00000000000..027956f04a7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7100.json b/2020/7xxx/CVE-2020-7100.json new file mode 100644 index 00000000000..5fc13a1ea27 --- /dev/null +++ b/2020/7xxx/CVE-2020-7100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7101.json b/2020/7xxx/CVE-2020-7101.json new file mode 100644 index 00000000000..b50d723b7f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7102.json b/2020/7xxx/CVE-2020-7102.json new file mode 100644 index 00000000000..c1ad57a2bbc --- /dev/null +++ b/2020/7xxx/CVE-2020-7102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7103.json b/2020/7xxx/CVE-2020-7103.json new file mode 100644 index 00000000000..806d0eb455e --- /dev/null +++ b/2020/7xxx/CVE-2020-7103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7104.json b/2020/7xxx/CVE-2020-7104.json new file mode 100644 index 00000000000..466c64f6dbe --- /dev/null +++ b/2020/7xxx/CVE-2020-7104.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7104", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php total_questions parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10029", + "url": "https://wpvulndb.com/vulnerabilities/10029" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7105.json b/2020/7xxx/CVE-2020-7105.json new file mode 100644 index 00000000000..af830ef8a63 --- /dev/null +++ b/2020/7xxx/CVE-2020-7105.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/redis/hiredis/issues/747", + "refsource": "MISC", + "name": "https://github.com/redis/hiredis/issues/747" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7106.json b/2020/7xxx/CVE-2020-7106.json new file mode 100644 index 00000000000..f0c7f1ae1d8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7106.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7106", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/issues/3191", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/issues/3191" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20200118 [SECURITY] [DLA 2069-1] cacti security update", + "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00014.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7107.json b/2020/7xxx/CVE-2020-7107.json new file mode 100644 index 00000000000..24d5b8b5e9c --- /dev/null +++ b/2020/7xxx/CVE-2020-7107.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7107", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/ultimate-faqs/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/ultimate-faqs/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10006", + "url": "https://wpvulndb.com/vulnerabilities/10006" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7108.json b/2020/7xxx/CVE-2020-7108.json new file mode 100644 index 00000000000..39dc2dd0818 --- /dev/null +++ b/2020/7xxx/CVE-2020-7108.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/10026", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10026" + }, + { + "url": "https://learndash.releasenotes.io/release/uCskc-version-312", + "refsource": "MISC", + "name": "https://learndash.releasenotes.io/release/uCskc-version-312" + }, + { + "url": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-found-in-learndash-lms-plugin/", + "refsource": "MISC", + "name": "https://www.getastra.com/blog/911/plugin-exploit/reflected-xss-vulnerability-found-in-learndash-lms-plugin/" + }, + { + "refsource": "MISC", + "name": "https://www.jinsonvarghese.com/reflected-xss-in-learndash-wordpress-plugin/", + "url": "https://www.jinsonvarghese.com/reflected-xss-in-learndash-wordpress-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7109.json b/2020/7xxx/CVE-2020-7109.json new file mode 100644 index 00000000000..4cfa1dc0cab --- /dev/null +++ b/2020/7xxx/CVE-2020-7109.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/elementor/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/elementor/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7110.json b/2020/7xxx/CVE-2020-7110.json new file mode 100644 index 00000000000..0c0e5c63d01 --- /dev/null +++ b/2020/7xxx/CVE-2020-7110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7111.json b/2020/7xxx/CVE-2020-7111.json new file mode 100644 index 00000000000..744083fb065 --- /dev/null +++ b/2020/7xxx/CVE-2020-7111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7112.json b/2020/7xxx/CVE-2020-7112.json new file mode 100644 index 00000000000..5e246b46dd3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7112.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7112", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7113.json b/2020/7xxx/CVE-2020-7113.json new file mode 100644 index 00000000000..82297effd12 --- /dev/null +++ b/2020/7xxx/CVE-2020-7113.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7113", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7114.json b/2020/7xxx/CVE-2020-7114.json new file mode 100644 index 00000000000..9b86b347e0f --- /dev/null +++ b/2020/7xxx/CVE-2020-7114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7115.json b/2020/7xxx/CVE-2020-7115.json new file mode 100644 index 00000000000..f6e812aeb09 --- /dev/null +++ b/2020/7xxx/CVE-2020-7115.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7115", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7116.json b/2020/7xxx/CVE-2020-7116.json new file mode 100644 index 00000000000..434154e06a7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7116.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7116", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7117.json b/2020/7xxx/CVE-2020-7117.json new file mode 100644 index 00000000000..b8d88864cf0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7117.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7117", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7118.json b/2020/7xxx/CVE-2020-7118.json new file mode 100644 index 00000000000..c467398ed45 --- /dev/null +++ b/2020/7xxx/CVE-2020-7118.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7118", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7119.json b/2020/7xxx/CVE-2020-7119.json new file mode 100644 index 00000000000..ac19e247ef1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7119.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7119", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7120.json b/2020/7xxx/CVE-2020-7120.json new file mode 100644 index 00000000000..3dd59c39d6f --- /dev/null +++ b/2020/7xxx/CVE-2020-7120.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7120", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7121.json b/2020/7xxx/CVE-2020-7121.json new file mode 100644 index 00000000000..17ba5cbc608 --- /dev/null +++ b/2020/7xxx/CVE-2020-7121.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7121", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7122.json b/2020/7xxx/CVE-2020-7122.json new file mode 100644 index 00000000000..ed1c405115e --- /dev/null +++ b/2020/7xxx/CVE-2020-7122.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7122", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7123.json b/2020/7xxx/CVE-2020-7123.json new file mode 100644 index 00000000000..8b04959ff02 --- /dev/null +++ b/2020/7xxx/CVE-2020-7123.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7123", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7124.json b/2020/7xxx/CVE-2020-7124.json new file mode 100644 index 00000000000..ec9fb3be475 --- /dev/null +++ b/2020/7xxx/CVE-2020-7124.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7124", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7125.json b/2020/7xxx/CVE-2020-7125.json new file mode 100644 index 00000000000..46b970b347d --- /dev/null +++ b/2020/7xxx/CVE-2020-7125.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7125", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7126.json b/2020/7xxx/CVE-2020-7126.json new file mode 100644 index 00000000000..66f5f03de97 --- /dev/null +++ b/2020/7xxx/CVE-2020-7126.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7126", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7127.json b/2020/7xxx/CVE-2020-7127.json new file mode 100644 index 00000000000..8125a6088f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7127.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7127", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7128.json b/2020/7xxx/CVE-2020-7128.json new file mode 100644 index 00000000000..17a901d59ae --- /dev/null +++ b/2020/7xxx/CVE-2020-7128.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7128", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7129.json b/2020/7xxx/CVE-2020-7129.json new file mode 100644 index 00000000000..2c79a3e647d --- /dev/null +++ b/2020/7xxx/CVE-2020-7129.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7129", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7130.json b/2020/7xxx/CVE-2020-7130.json new file mode 100644 index 00000000000..58d5a13f589 --- /dev/null +++ b/2020/7xxx/CVE-2020-7130.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7130", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7131.json b/2020/7xxx/CVE-2020-7131.json new file mode 100644 index 00000000000..63ebfa30bf1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7131.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7131", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7132.json b/2020/7xxx/CVE-2020-7132.json new file mode 100644 index 00000000000..4e3e1013b10 --- /dev/null +++ b/2020/7xxx/CVE-2020-7132.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7132", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7133.json b/2020/7xxx/CVE-2020-7133.json new file mode 100644 index 00000000000..5e0cd7261c0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7133.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7133", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7134.json b/2020/7xxx/CVE-2020-7134.json new file mode 100644 index 00000000000..0c4ae6f6494 --- /dev/null +++ b/2020/7xxx/CVE-2020-7134.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7134", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7135.json b/2020/7xxx/CVE-2020-7135.json new file mode 100644 index 00000000000..b8f42f53e5b --- /dev/null +++ b/2020/7xxx/CVE-2020-7135.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7135", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7136.json b/2020/7xxx/CVE-2020-7136.json new file mode 100644 index 00000000000..ffdd4f05ff2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7136.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7136", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7137.json b/2020/7xxx/CVE-2020-7137.json new file mode 100644 index 00000000000..975da46e505 --- /dev/null +++ b/2020/7xxx/CVE-2020-7137.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7137", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7138.json b/2020/7xxx/CVE-2020-7138.json new file mode 100644 index 00000000000..971f367f3d1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7138.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7138", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7139.json b/2020/7xxx/CVE-2020-7139.json new file mode 100644 index 00000000000..812fca703a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7139.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7139", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7140.json b/2020/7xxx/CVE-2020-7140.json new file mode 100644 index 00000000000..8fac5841000 --- /dev/null +++ b/2020/7xxx/CVE-2020-7140.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7140", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7141.json b/2020/7xxx/CVE-2020-7141.json new file mode 100644 index 00000000000..b87c6301a7f --- /dev/null +++ b/2020/7xxx/CVE-2020-7141.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7141", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7142.json b/2020/7xxx/CVE-2020-7142.json new file mode 100644 index 00000000000..f8ddaaa098b --- /dev/null +++ b/2020/7xxx/CVE-2020-7142.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7142", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7143.json b/2020/7xxx/CVE-2020-7143.json new file mode 100644 index 00000000000..6bb0a7f7964 --- /dev/null +++ b/2020/7xxx/CVE-2020-7143.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7143", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7144.json b/2020/7xxx/CVE-2020-7144.json new file mode 100644 index 00000000000..9b05fc9bb54 --- /dev/null +++ b/2020/7xxx/CVE-2020-7144.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7144", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7145.json b/2020/7xxx/CVE-2020-7145.json new file mode 100644 index 00000000000..a4005bd85ff --- /dev/null +++ b/2020/7xxx/CVE-2020-7145.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7145", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7146.json b/2020/7xxx/CVE-2020-7146.json new file mode 100644 index 00000000000..b9a0d339d9a --- /dev/null +++ b/2020/7xxx/CVE-2020-7146.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7146", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7147.json b/2020/7xxx/CVE-2020-7147.json new file mode 100644 index 00000000000..d3ba762cbaf --- /dev/null +++ b/2020/7xxx/CVE-2020-7147.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7147", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7148.json b/2020/7xxx/CVE-2020-7148.json new file mode 100644 index 00000000000..e4895ef1fae --- /dev/null +++ b/2020/7xxx/CVE-2020-7148.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7148", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7149.json b/2020/7xxx/CVE-2020-7149.json new file mode 100644 index 00000000000..72585b510d7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7149.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7149", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7150.json b/2020/7xxx/CVE-2020-7150.json new file mode 100644 index 00000000000..4dd623b7b66 --- /dev/null +++ b/2020/7xxx/CVE-2020-7150.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7150", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7151.json b/2020/7xxx/CVE-2020-7151.json new file mode 100644 index 00000000000..c705a937fa0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7151.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7151", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7152.json b/2020/7xxx/CVE-2020-7152.json new file mode 100644 index 00000000000..5b23ab26549 --- /dev/null +++ b/2020/7xxx/CVE-2020-7152.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7152", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7153.json b/2020/7xxx/CVE-2020-7153.json new file mode 100644 index 00000000000..3f4587f4ad2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7153.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7153", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7154.json b/2020/7xxx/CVE-2020-7154.json new file mode 100644 index 00000000000..9aec677f3bc --- /dev/null +++ b/2020/7xxx/CVE-2020-7154.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7154", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7155.json b/2020/7xxx/CVE-2020-7155.json new file mode 100644 index 00000000000..8d44c1a723a --- /dev/null +++ b/2020/7xxx/CVE-2020-7155.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7155", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7156.json b/2020/7xxx/CVE-2020-7156.json new file mode 100644 index 00000000000..f56f32fb482 --- /dev/null +++ b/2020/7xxx/CVE-2020-7156.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7156", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7157.json b/2020/7xxx/CVE-2020-7157.json new file mode 100644 index 00000000000..6258ed71776 --- /dev/null +++ b/2020/7xxx/CVE-2020-7157.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7157", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7158.json b/2020/7xxx/CVE-2020-7158.json new file mode 100644 index 00000000000..3aee698f18f --- /dev/null +++ b/2020/7xxx/CVE-2020-7158.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7158", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7159.json b/2020/7xxx/CVE-2020-7159.json new file mode 100644 index 00000000000..7d132ed4d77 --- /dev/null +++ b/2020/7xxx/CVE-2020-7159.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7159", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7160.json b/2020/7xxx/CVE-2020-7160.json new file mode 100644 index 00000000000..4163f8406b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7160.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7160", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7161.json b/2020/7xxx/CVE-2020-7161.json new file mode 100644 index 00000000000..c1e55a8add9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7161.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7161", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7162.json b/2020/7xxx/CVE-2020-7162.json new file mode 100644 index 00000000000..a28e4441efb --- /dev/null +++ b/2020/7xxx/CVE-2020-7162.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7162", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7163.json b/2020/7xxx/CVE-2020-7163.json new file mode 100644 index 00000000000..65a4f58ab7c --- /dev/null +++ b/2020/7xxx/CVE-2020-7163.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7163", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7164.json b/2020/7xxx/CVE-2020-7164.json new file mode 100644 index 00000000000..116459c8ece --- /dev/null +++ b/2020/7xxx/CVE-2020-7164.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7164", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7165.json b/2020/7xxx/CVE-2020-7165.json new file mode 100644 index 00000000000..eb103996f95 --- /dev/null +++ b/2020/7xxx/CVE-2020-7165.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7165", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7166.json b/2020/7xxx/CVE-2020-7166.json new file mode 100644 index 00000000000..794a6252301 --- /dev/null +++ b/2020/7xxx/CVE-2020-7166.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7166", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7167.json b/2020/7xxx/CVE-2020-7167.json new file mode 100644 index 00000000000..aa0c1ad8b18 --- /dev/null +++ b/2020/7xxx/CVE-2020-7167.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7167", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7168.json b/2020/7xxx/CVE-2020-7168.json new file mode 100644 index 00000000000..2552ceae62d --- /dev/null +++ b/2020/7xxx/CVE-2020-7168.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7168", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7169.json b/2020/7xxx/CVE-2020-7169.json new file mode 100644 index 00000000000..2f3789a80d5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7169.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7169", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7170.json b/2020/7xxx/CVE-2020-7170.json new file mode 100644 index 00000000000..1a17a5ea4a9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7170.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7170", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7171.json b/2020/7xxx/CVE-2020-7171.json new file mode 100644 index 00000000000..44850e402fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7171.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7171", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7172.json b/2020/7xxx/CVE-2020-7172.json new file mode 100644 index 00000000000..d85f2f768af --- /dev/null +++ b/2020/7xxx/CVE-2020-7172.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7172", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7173.json b/2020/7xxx/CVE-2020-7173.json new file mode 100644 index 00000000000..1bd4a7b0920 --- /dev/null +++ b/2020/7xxx/CVE-2020-7173.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7173", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7174.json b/2020/7xxx/CVE-2020-7174.json new file mode 100644 index 00000000000..da937bbb429 --- /dev/null +++ b/2020/7xxx/CVE-2020-7174.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7174", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7175.json b/2020/7xxx/CVE-2020-7175.json new file mode 100644 index 00000000000..391f31b6a3c --- /dev/null +++ b/2020/7xxx/CVE-2020-7175.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7175", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7176.json b/2020/7xxx/CVE-2020-7176.json new file mode 100644 index 00000000000..609169bbad8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7176.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7176", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7177.json b/2020/7xxx/CVE-2020-7177.json new file mode 100644 index 00000000000..ae9ae38a833 --- /dev/null +++ b/2020/7xxx/CVE-2020-7177.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7177", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7178.json b/2020/7xxx/CVE-2020-7178.json new file mode 100644 index 00000000000..c38a1b5223c --- /dev/null +++ b/2020/7xxx/CVE-2020-7178.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7178", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7179.json b/2020/7xxx/CVE-2020-7179.json new file mode 100644 index 00000000000..a62b2b30d50 --- /dev/null +++ b/2020/7xxx/CVE-2020-7179.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7179", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7180.json b/2020/7xxx/CVE-2020-7180.json new file mode 100644 index 00000000000..9b66b1783de --- /dev/null +++ b/2020/7xxx/CVE-2020-7180.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7180", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7181.json b/2020/7xxx/CVE-2020-7181.json new file mode 100644 index 00000000000..4af8de4e893 --- /dev/null +++ b/2020/7xxx/CVE-2020-7181.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7181", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7182.json b/2020/7xxx/CVE-2020-7182.json new file mode 100644 index 00000000000..9a9100a838d --- /dev/null +++ b/2020/7xxx/CVE-2020-7182.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7182", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7183.json b/2020/7xxx/CVE-2020-7183.json new file mode 100644 index 00000000000..88aa9cf9c34 --- /dev/null +++ b/2020/7xxx/CVE-2020-7183.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7183", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7184.json b/2020/7xxx/CVE-2020-7184.json new file mode 100644 index 00000000000..739cc2f2e9b --- /dev/null +++ b/2020/7xxx/CVE-2020-7184.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7184", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7185.json b/2020/7xxx/CVE-2020-7185.json new file mode 100644 index 00000000000..7d476cafc64 --- /dev/null +++ b/2020/7xxx/CVE-2020-7185.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7185", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7186.json b/2020/7xxx/CVE-2020-7186.json new file mode 100644 index 00000000000..3a23dac9106 --- /dev/null +++ b/2020/7xxx/CVE-2020-7186.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7186", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7187.json b/2020/7xxx/CVE-2020-7187.json new file mode 100644 index 00000000000..671b5b71eb3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7187.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7187", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7188.json b/2020/7xxx/CVE-2020-7188.json new file mode 100644 index 00000000000..89010b57a20 --- /dev/null +++ b/2020/7xxx/CVE-2020-7188.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7188", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7189.json b/2020/7xxx/CVE-2020-7189.json new file mode 100644 index 00000000000..344d526111d --- /dev/null +++ b/2020/7xxx/CVE-2020-7189.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7189", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7190.json b/2020/7xxx/CVE-2020-7190.json new file mode 100644 index 00000000000..7d928ac6e48 --- /dev/null +++ b/2020/7xxx/CVE-2020-7190.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7190", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7191.json b/2020/7xxx/CVE-2020-7191.json new file mode 100644 index 00000000000..0498158529c --- /dev/null +++ b/2020/7xxx/CVE-2020-7191.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7191", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7192.json b/2020/7xxx/CVE-2020-7192.json new file mode 100644 index 00000000000..7dfb2c93426 --- /dev/null +++ b/2020/7xxx/CVE-2020-7192.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7192", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7193.json b/2020/7xxx/CVE-2020-7193.json new file mode 100644 index 00000000000..54550ed140e --- /dev/null +++ b/2020/7xxx/CVE-2020-7193.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7193", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7194.json b/2020/7xxx/CVE-2020-7194.json new file mode 100644 index 00000000000..4bd0a80c29e --- /dev/null +++ b/2020/7xxx/CVE-2020-7194.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7194", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7195.json b/2020/7xxx/CVE-2020-7195.json new file mode 100644 index 00000000000..4c8880cce3b --- /dev/null +++ b/2020/7xxx/CVE-2020-7195.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7195", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7196.json b/2020/7xxx/CVE-2020-7196.json new file mode 100644 index 00000000000..9fdc9fb38ac --- /dev/null +++ b/2020/7xxx/CVE-2020-7196.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7196", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7197.json b/2020/7xxx/CVE-2020-7197.json new file mode 100644 index 00000000000..8f870f5a34b --- /dev/null +++ b/2020/7xxx/CVE-2020-7197.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7197", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7198.json b/2020/7xxx/CVE-2020-7198.json new file mode 100644 index 00000000000..ff50d6543e2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7198.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7198", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7199.json b/2020/7xxx/CVE-2020-7199.json new file mode 100644 index 00000000000..f2b5ce5b30d --- /dev/null +++ b/2020/7xxx/CVE-2020-7199.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7199", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7200.json b/2020/7xxx/CVE-2020-7200.json new file mode 100644 index 00000000000..95093eee258 --- /dev/null +++ b/2020/7xxx/CVE-2020-7200.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7200", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7201.json b/2020/7xxx/CVE-2020-7201.json new file mode 100644 index 00000000000..a8338c543ed --- /dev/null +++ b/2020/7xxx/CVE-2020-7201.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7201", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7202.json b/2020/7xxx/CVE-2020-7202.json new file mode 100644 index 00000000000..1b3f371a0c7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7202.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7202", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7203.json b/2020/7xxx/CVE-2020-7203.json new file mode 100644 index 00000000000..0b9f8f23546 --- /dev/null +++ b/2020/7xxx/CVE-2020-7203.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7203", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7204.json b/2020/7xxx/CVE-2020-7204.json new file mode 100644 index 00000000000..cd253b8c649 --- /dev/null +++ b/2020/7xxx/CVE-2020-7204.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7204", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7205.json b/2020/7xxx/CVE-2020-7205.json new file mode 100644 index 00000000000..911957a5ed3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7205.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7205", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7206.json b/2020/7xxx/CVE-2020-7206.json new file mode 100644 index 00000000000..2ad46bd0228 --- /dev/null +++ b/2020/7xxx/CVE-2020-7206.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7206", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7207.json b/2020/7xxx/CVE-2020-7207.json new file mode 100644 index 00000000000..e39048d0586 --- /dev/null +++ b/2020/7xxx/CVE-2020-7207.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7207", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7208.json b/2020/7xxx/CVE-2020-7208.json new file mode 100644 index 00000000000..b43c3f7d680 --- /dev/null +++ b/2020/7xxx/CVE-2020-7208.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7208", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7209.json b/2020/7xxx/CVE-2020-7209.json new file mode 100644 index 00000000000..f4ab6412b8a --- /dev/null +++ b/2020/7xxx/CVE-2020-7209.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7209", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7210.json b/2020/7xxx/CVE-2020-7210.json new file mode 100644 index 00000000000..505e9f4aa81 --- /dev/null +++ b/2020/7xxx/CVE-2020-7210.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html", + "refsource": "MISC", + "name": "https://sec-consult.com/en/vulnerability-lab/advisories/index.html" + }, + { + "refsource": "MISC", + "name": "https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-umbraco-cms/", + "url": "https://sec-consult.com/en/blog/advisories/cross-site-request-forgery-csrf-in-umbraco-cms/" + }, + { + "refsource": "FULLDISC", + "name": "20200123 SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS", + "url": "http://seclists.org/fulldisclosure/2020/Jan/33" + }, + { + "refsource": "BUGTRAQ", + "name": "20200123 SEC Consult SA-20200123-0 :: Cross-Site Request Forgery (CSRF) in Umbraco CMS", + "url": "https://seclists.org/bugtraq/2020/Jan/35" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/156062/Umbraco-CMS-8.2.2-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7211.json b/2020/7xxx/CVE-2020-7211.json new file mode 100644 index 00000000000..9898f689aff --- /dev/null +++ b/2020/7xxx/CVE-2020-7211.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\\ directory traversal on Windows." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4" + }, + { + "refsource": "CONFIRM", + "name": "http://www.openwall.com/lists/oss-security/2020/01/17/2", + "url": "http://www.openwall.com/lists/oss-security/2020/01/17/2" + }, + { + "refsource": "DEBIAN", + "name": "Debian", + "url": "https://security-tracker.debian.org/tracker/CVE-2020-7211" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7212.json b/2020/7xxx/CVE-2020-7212.json new file mode 100644 index 00000000000..cc7936e9ae6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7212.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7212", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7213.json b/2020/7xxx/CVE-2020-7213.json new file mode 100644 index 00000000000..b4d6b458003 --- /dev/null +++ b/2020/7xxx/CVE-2020-7213.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7213", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://parallels.com", + "refsource": "MISC", + "name": "https://parallels.com" + }, + { + "refsource": "MISC", + "name": "http://almorabea.net/cves/cve-2020-7213.txt", + "url": "http://almorabea.net/cves/cve-2020-7213.txt" + }, + { + "refsource": "MISC", + "name": "http://almorabea.net/en/2020/01/19/write-up-for-the-parallel-vulnerability-cve-2020-7213/", + "url": "http://almorabea.net/en/2020/01/19/write-up-for-the-parallel-vulnerability-cve-2020-7213/" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7214.json b/2020/7xxx/CVE-2020-7214.json new file mode 100644 index 00000000000..3126a8f68b4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7214.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7214", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7215.json b/2020/7xxx/CVE-2020-7215.json new file mode 100644 index 00000000000..b02cf16dd64 --- /dev/null +++ b/2020/7xxx/CVE-2020-7215.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(MR5), and 8.10 before 8.10.1134(MR4). External system configuration data (used for third party integrations such as DVR systems) were logged in the Command Centre event trail. Any authenticated operator with the 'view events' privilege could see the full configuration, including cleartext usernames and passwords, under the event details of a Modified DVR System event." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://security.gallagher.com/cve-2020-7215", + "refsource": "MISC", + "name": "https://security.gallagher.com/cve-2020-7215" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7216.json b/2020/7xxx/CVE-2020-7216.json new file mode 100644 index 00000000000..6bee60a9464 --- /dev/null +++ b/2020/7xxx/CVE-2020-7216.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7216", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7217.json b/2020/7xxx/CVE-2020-7217.json new file mode 100644 index 00000000000..04dada48b1a --- /dev/null +++ b/2020/7xxx/CVE-2020-7217.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7217", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7218.json b/2020/7xxx/CVE-2020-7218.json new file mode 100644 index 00000000000..b03dad700ed --- /dev/null +++ b/2020/7xxx/CVE-2020-7218.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7218", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7219.json b/2020/7xxx/CVE-2020-7219.json new file mode 100644 index 00000000000..aab3e9a0042 --- /dev/null +++ b/2020/7xxx/CVE-2020-7219.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7219", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7220.json b/2020/7xxx/CVE-2020-7220.json new file mode 100644 index 00000000000..f66a4007b9c --- /dev/null +++ b/2020/7xxx/CVE-2020-7220.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic secrets for a mount in a deleted namespace. Fixed in 1.3.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.hashicorp.com/blog/category/vault/", + "refsource": "MISC", + "name": "https://www.hashicorp.com/blog/category/vault/" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020", + "url": "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7221.json b/2020/7xxx/CVE-2020-7221.json new file mode 100644 index 00000000000..a7dc9e435e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7221.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7221", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7222.json b/2020/7xxx/CVE-2020-7222.json new file mode 100644 index 00000000000..511b9c00655 --- /dev/null +++ b/2020/7xxx/CVE-2020-7222.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (ability to see every option but not modify them)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/amcrest-2520ac0018r-login-bypass.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7223.json b/2020/7xxx/CVE-2020-7223.json new file mode 100644 index 00000000000..8d7011afb37 --- /dev/null +++ b/2020/7xxx/CVE-2020-7223.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7223", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7224.json b/2020/7xxx/CVE-2020-7224.json new file mode 100644 index 00000000000..71bfe4a64d8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7224.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7224", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7225.json b/2020/7xxx/CVE-2020-7225.json new file mode 100644 index 00000000000..0a78ef357f2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7225.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7225", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7226.json b/2020/7xxx/CVE-2020-7226.json new file mode 100644 index 00000000000..6b9009bd1d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7226.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with \"new byte\" may depend on untrusted input within the header of encoded data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153", + "refsource": "MISC", + "name": "https://github.com/vt-middleware/cryptacular/blob/master/src/main/java/org/cryptacular/CiphertextHeader.java#L153" + }, + { + "refsource": "MISC", + "name": "https://github.com/vt-middleware/cryptacular/issues/52", + "url": "https://github.com/vt-middleware/cryptacular/issues/52" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7227.json b/2020/7xxx/CVE-2020-7227.json new file mode 100644 index 00000000000..e6efafa4417 --- /dev/null +++ b/2020/7xxx/CVE-2020-7227.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, backup.asp, sys-power.asp, ifaces-wls.asp, ifaces-wls-pkt.asp, and ifaces-wls-pkt-adv.asp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/westermo-source-code-disclousure-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7228.json b/2020/7xxx/CVE-2020-7228.json new file mode 100644 index 00000000000..0e6a526b62a --- /dev/null +++ b/2020/7xxx/CVE-2020-7228.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7228", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vulnerabilities present in the input forms. These can be exploited by an authenticated user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/calculated-fields-form/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/calculated-fields-form/#developers" + }, + { + "refsource": "MISC", + "name": "https://spider-security.co.uk/blog-cve-2020-7228", + "url": "https://spider-security.co.uk/blog-cve-2020-7228" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10043", + "url": "https://wpvulndb.com/vulnerabilities/10043" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7229.json b/2020/7xxx/CVE-2020-7229.json new file mode 100644 index 00000000000..074831f32d5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7229.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7229", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://simplejobscript.com", + "refsource": "MISC", + "name": "https://simplejobscript.com" + }, + { + "refsource": "MISC", + "name": "https://github.com/niteosoft/simplejobscript/issues/7", + "url": "https://github.com/niteosoft/simplejobscript/issues/7" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7230.json b/2020/7xxx/CVE-2020-7230.json new file mode 100644 index 00000000000..5cf623c4684 --- /dev/null +++ b/2020/7xxx/CVE-2020-7230.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7230", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7231.json b/2020/7xxx/CVE-2020-7231.json new file mode 100644 index 00000000000..63525ba2a3c --- /dev/null +++ b/2020/7xxx/CVE-2020-7231.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7232.json b/2020/7xxx/CVE-2020-7232.json new file mode 100644 index 00000000000..928a366d130 --- /dev/null +++ b/2020/7xxx/CVE-2020-7232.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7232", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Evoko Home 1.31 devices allow remote attackers to obtain sensitive information (such as usernames and password hashes) via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/evoko-otra-sala-por-favor.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7233.json b/2020/7xxx/CVE-2020-7233.json new file mode 100644 index 00000000000..dfc7989a69b --- /dev/null +++ b/2020/7xxx/CVE-2020-7233.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME variable in the BC_Logon.swf file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/kms-controls-backdoor-in-bacnet.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/kms-controls-backdoor-in-bacnet.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7234.json b/2020/7xxx/CVE-2020-7234.json new file mode 100644 index 00000000000..478c9623e9d --- /dev/null +++ b/2020/7xxx/CVE-2020-7234.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration > Radio 2.4G > Wireless X screen (after a successful login to the super account)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/ruckus-wireless-authenticated-stored.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/ruckus-wireless-authenticated-stored.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7235.json b/2020/7xxx/CVE-2020-7235.json new file mode 100644 index 00000000000..9db110f6b59 --- /dev/null +++ b/2020/7xxx/CVE-2020-7235.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7235", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7236.json b/2020/7xxx/CVE-2020-7236.json new file mode 100644 index 00000000000..ec434a27d3c --- /dev/null +++ b/2020/7xxx/CVE-2020-7236.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site Setup section)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/uhp-networks-multiple-reflected-xss-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7237.json b/2020/7xxx/CVE-2020-7237.json new file mode 100644 index 00000000000..ec460738fbf --- /dev/null +++ b/2020/7xxx/CVE-2020-7237.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7237", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Performance Boost Debug Log field of poller_automation.php. OS commands are executed when a new poller cycle begins. The attacker must be authenticated, and must have access to modify the Performance Settings of the product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Cacti/cacti/issues/3201", + "refsource": "MISC", + "name": "https://github.com/Cacti/cacti/issues/3201" + }, + { + "refsource": "MISC", + "name": "https://ctrsec.io/index.php/2020/01/25/cve-2020-7237-remote-code-execution-in-cacti-rrdtool/", + "url": "https://ctrsec.io/index.php/2020/01/25/cve-2020-7237-remote-code-execution-in-cacti-rrdtool/" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7238.json b/2020/7xxx/CVE-2020-7238.json new file mode 100644 index 00000000000..e099fbad858 --- /dev/null +++ b/2020/7xxx/CVE-2020-7238.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7238", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://netty.io/news/", + "refsource": "MISC", + "name": "https://netty.io/news/" + }, + { + "refsource": "MISC", + "name": "https://github.com/jdordonezn/CVE-2020-72381/issues/1", + "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7239.json b/2020/7xxx/CVE-2020-7239.json new file mode 100644 index 00000000000..e8316efae94 --- /dev/null +++ b/2020/7xxx/CVE-2020-7239.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is executed when a chat message containing JavaScript is sent." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/conversation-watson/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/conversation-watson/#developers" + }, + { + "refsource": "MISC", + "name": "https://www.hooperlabs.xyz/disclosures/cve-2020-7239.php", + "url": "https://www.hooperlabs.xyz/disclosures/cve-2020-7239.php" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/10035", + "url": "https://wpvulndb.com/vulnerabilities/10035" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7240.json b/2020/7xxx/CVE-2020-7240.json new file mode 100644 index 00000000000..b93df28473c --- /dev/null +++ b/2020/7xxx/CVE-2020-7240.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7240", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to execute arbitrary OS commands by editing the /config/netconf.cmd script (aka Extended Network Configuration)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/heinberg-lantime-m1000-rce.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/heinberg-lantime-m1000-rce.html" + }, + { + "url": "https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/meinberg-lantime-m1000-rce.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7241.json b/2020/7xxx/CVE-2020-7241.json new file mode 100644 index 00000000000..6dfcebe69c4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7241.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-database-backup/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-database-backup/#developers" + }, + { + "url": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md", + "refsource": "MISC", + "name": "https://github.com/V1n1v131r4/Exploiting-WP-Database-Backup-WordPress-Plugin/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7242.json b/2020/7xxx/CVE-2020-7242.json new file mode 100644 index 00000000000..fc2e3662da4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7242.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7242", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/comtech-authenticated-rce-on-comtech.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/comtech-authenticated-rce-on-comtech.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7243.json b/2020/7xxx/CVE-2020-7243.json new file mode 100644 index 00000000000..daa7357efe2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7243.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7244.json b/2020/7xxx/CVE-2020-7244.json new file mode 100644 index 00000000000..4bcf72604b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7244.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/comtech-multiple-authenticated-rce-on.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7245.json b/2020/7xxx/CVE-2020-7245.json new file mode 100644 index 00000000000..89d9427690b --- /dev/null +++ b/2020/7xxx/CVE-2020-7245.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. To exploit the vulnerability, one must register with a username identical to the victim's username, but with white space inserted before and/or after the username. This will register the account with the same username as the victim. After initiating a password reset for the new account, CTFd will reset the victim's account password due to the username collision." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/CTFd/CTFd/pull/1218", + "refsource": "MISC", + "name": "https://github.com/CTFd/CTFd/pull/1218" + }, + { + "refsource": "MISC", + "name": "https://github.com/CTFd/CTFd/releases/tag/2.2.3", + "url": "https://github.com/CTFd/CTFd/releases/tag/2.2.3" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7246.json b/2020/7xxx/CVE-2020-7246.json new file mode 100644 index 00000000000..c8377064df7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7246.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing", + "refsource": "MISC", + "name": "https://docs.google.com/document/d/13ZZSm0DL1Ie6r_fU5ZdDKGZ4defFqiFXMG--zDo8S10/edit?usp=sharing" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/156063/qdPM-9.1-Remote-Code-Execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7247.json b/2020/7xxx/CVE-2020-7247.json new file mode 100644 index 00000000000..7795c5ec6f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7247.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7247", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7248.json b/2020/7xxx/CVE-2020-7248.json new file mode 100644 index 00000000000..3d6777b0b8e --- /dev/null +++ b/2020/7xxx/CVE-2020-7248.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7248", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7249.json b/2020/7xxx/CVE-2020-7249.json new file mode 100644 index 00000000000..4926da11a16 --- /dev/null +++ b/2020/7xxx/CVE-2020-7249.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration page (after a successful login to the admin account)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/smc-networks-stored-cross-site.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/smc-networks-stored-cross-site.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7250.json b/2020/7xxx/CVE-2020-7250.json new file mode 100644 index 00000000000..f6e91b3bce1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7250.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7250", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7251.json b/2020/7xxx/CVE-2020-7251.json new file mode 100644 index 00000000000..66934669134 --- /dev/null +++ b/2020/7xxx/CVE-2020-7251.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7251", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7252.json b/2020/7xxx/CVE-2020-7252.json new file mode 100644 index 00000000000..5349af8620f --- /dev/null +++ b/2020/7xxx/CVE-2020-7252.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7252", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7253.json b/2020/7xxx/CVE-2020-7253.json new file mode 100644 index 00000000000..08435521e88 --- /dev/null +++ b/2020/7xxx/CVE-2020-7253.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7253", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7254.json b/2020/7xxx/CVE-2020-7254.json new file mode 100644 index 00000000000..1453e5d6f9f --- /dev/null +++ b/2020/7xxx/CVE-2020-7254.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7254", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7255.json b/2020/7xxx/CVE-2020-7255.json new file mode 100644 index 00000000000..d70b40af5cd --- /dev/null +++ b/2020/7xxx/CVE-2020-7255.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7255", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7256.json b/2020/7xxx/CVE-2020-7256.json new file mode 100644 index 00000000000..eda6b369f4a --- /dev/null +++ b/2020/7xxx/CVE-2020-7256.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7256", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7257.json b/2020/7xxx/CVE-2020-7257.json new file mode 100644 index 00000000000..020455b156a --- /dev/null +++ b/2020/7xxx/CVE-2020-7257.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7257", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7258.json b/2020/7xxx/CVE-2020-7258.json new file mode 100644 index 00000000000..781eaa80457 --- /dev/null +++ b/2020/7xxx/CVE-2020-7258.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7258", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7259.json b/2020/7xxx/CVE-2020-7259.json new file mode 100644 index 00000000000..9b35ab5337b --- /dev/null +++ b/2020/7xxx/CVE-2020-7259.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7259", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7260.json b/2020/7xxx/CVE-2020-7260.json new file mode 100644 index 00000000000..a9c1c545528 --- /dev/null +++ b/2020/7xxx/CVE-2020-7260.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7260", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7261.json b/2020/7xxx/CVE-2020-7261.json new file mode 100644 index 00000000000..9f372436638 --- /dev/null +++ b/2020/7xxx/CVE-2020-7261.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7261", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7262.json b/2020/7xxx/CVE-2020-7262.json new file mode 100644 index 00000000000..b8df8c0d43d --- /dev/null +++ b/2020/7xxx/CVE-2020-7262.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7262", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7263.json b/2020/7xxx/CVE-2020-7263.json new file mode 100644 index 00000000000..859c55365a3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7263.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7263", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7264.json b/2020/7xxx/CVE-2020-7264.json new file mode 100644 index 00000000000..ea1f884d74b --- /dev/null +++ b/2020/7xxx/CVE-2020-7264.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7264", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7265.json b/2020/7xxx/CVE-2020-7265.json new file mode 100644 index 00000000000..2f16c0c75dd --- /dev/null +++ b/2020/7xxx/CVE-2020-7265.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7265", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7266.json b/2020/7xxx/CVE-2020-7266.json new file mode 100644 index 00000000000..64bc39f413a --- /dev/null +++ b/2020/7xxx/CVE-2020-7266.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7266", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7267.json b/2020/7xxx/CVE-2020-7267.json new file mode 100644 index 00000000000..dcccf8e9336 --- /dev/null +++ b/2020/7xxx/CVE-2020-7267.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7267", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7268.json b/2020/7xxx/CVE-2020-7268.json new file mode 100644 index 00000000000..7761e132651 --- /dev/null +++ b/2020/7xxx/CVE-2020-7268.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7268", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7269.json b/2020/7xxx/CVE-2020-7269.json new file mode 100644 index 00000000000..7ce555d0d67 --- /dev/null +++ b/2020/7xxx/CVE-2020-7269.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7269", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7270.json b/2020/7xxx/CVE-2020-7270.json new file mode 100644 index 00000000000..62762836bf9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7270.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7270", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7271.json b/2020/7xxx/CVE-2020-7271.json new file mode 100644 index 00000000000..b8d43e8ac9d --- /dev/null +++ b/2020/7xxx/CVE-2020-7271.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7271", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7272.json b/2020/7xxx/CVE-2020-7272.json new file mode 100644 index 00000000000..fb7a704f00e --- /dev/null +++ b/2020/7xxx/CVE-2020-7272.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7272", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7273.json b/2020/7xxx/CVE-2020-7273.json new file mode 100644 index 00000000000..baa4b76a4f1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7273.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7273", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7274.json b/2020/7xxx/CVE-2020-7274.json new file mode 100644 index 00000000000..401bdcebd9e --- /dev/null +++ b/2020/7xxx/CVE-2020-7274.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7274", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7275.json b/2020/7xxx/CVE-2020-7275.json new file mode 100644 index 00000000000..eadd7531b3b --- /dev/null +++ b/2020/7xxx/CVE-2020-7275.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7275", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7276.json b/2020/7xxx/CVE-2020-7276.json new file mode 100644 index 00000000000..998c7d49cb7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7276.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7276", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7277.json b/2020/7xxx/CVE-2020-7277.json new file mode 100644 index 00000000000..f4dc9285dbf --- /dev/null +++ b/2020/7xxx/CVE-2020-7277.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7277", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7278.json b/2020/7xxx/CVE-2020-7278.json new file mode 100644 index 00000000000..b3a4b8d5f8e --- /dev/null +++ b/2020/7xxx/CVE-2020-7278.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7278", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7279.json b/2020/7xxx/CVE-2020-7279.json new file mode 100644 index 00000000000..b0256c962c7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7279.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7279", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7280.json b/2020/7xxx/CVE-2020-7280.json new file mode 100644 index 00000000000..2face22a886 --- /dev/null +++ b/2020/7xxx/CVE-2020-7280.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7280", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7281.json b/2020/7xxx/CVE-2020-7281.json new file mode 100644 index 00000000000..55767defa42 --- /dev/null +++ b/2020/7xxx/CVE-2020-7281.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7281", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7282.json b/2020/7xxx/CVE-2020-7282.json new file mode 100644 index 00000000000..2574528aec3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7282.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7282", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7283.json b/2020/7xxx/CVE-2020-7283.json new file mode 100644 index 00000000000..405fd22acbb --- /dev/null +++ b/2020/7xxx/CVE-2020-7283.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7283", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7284.json b/2020/7xxx/CVE-2020-7284.json new file mode 100644 index 00000000000..8205881a2c4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7284.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7284", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7285.json b/2020/7xxx/CVE-2020-7285.json new file mode 100644 index 00000000000..db4415371e6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7285.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7285", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7286.json b/2020/7xxx/CVE-2020-7286.json new file mode 100644 index 00000000000..cf7f3fdcf79 --- /dev/null +++ b/2020/7xxx/CVE-2020-7286.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7286", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7287.json b/2020/7xxx/CVE-2020-7287.json new file mode 100644 index 00000000000..34feb33009d --- /dev/null +++ b/2020/7xxx/CVE-2020-7287.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7287", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7288.json b/2020/7xxx/CVE-2020-7288.json new file mode 100644 index 00000000000..d4230331984 --- /dev/null +++ b/2020/7xxx/CVE-2020-7288.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7288", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7289.json b/2020/7xxx/CVE-2020-7289.json new file mode 100644 index 00000000000..81e951dcf4b --- /dev/null +++ b/2020/7xxx/CVE-2020-7289.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7289", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7290.json b/2020/7xxx/CVE-2020-7290.json new file mode 100644 index 00000000000..429f5907789 --- /dev/null +++ b/2020/7xxx/CVE-2020-7290.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7290", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7291.json b/2020/7xxx/CVE-2020-7291.json new file mode 100644 index 00000000000..08a4eed90ae --- /dev/null +++ b/2020/7xxx/CVE-2020-7291.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7291", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7292.json b/2020/7xxx/CVE-2020-7292.json new file mode 100644 index 00000000000..371c3c6ea7b --- /dev/null +++ b/2020/7xxx/CVE-2020-7292.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7292", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7293.json b/2020/7xxx/CVE-2020-7293.json new file mode 100644 index 00000000000..83bd865d6a3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7293.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7293", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7294.json b/2020/7xxx/CVE-2020-7294.json new file mode 100644 index 00000000000..c40a0f723db --- /dev/null +++ b/2020/7xxx/CVE-2020-7294.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7294", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7295.json b/2020/7xxx/CVE-2020-7295.json new file mode 100644 index 00000000000..6db86f973f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7295.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7295", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7296.json b/2020/7xxx/CVE-2020-7296.json new file mode 100644 index 00000000000..3913bf86a9f --- /dev/null +++ b/2020/7xxx/CVE-2020-7296.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7296", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7297.json b/2020/7xxx/CVE-2020-7297.json new file mode 100644 index 00000000000..bd3529bd3f2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7297.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7297", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7298.json b/2020/7xxx/CVE-2020-7298.json new file mode 100644 index 00000000000..56148a66a4c --- /dev/null +++ b/2020/7xxx/CVE-2020-7298.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7298", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7299.json b/2020/7xxx/CVE-2020-7299.json new file mode 100644 index 00000000000..97b01d3b45c --- /dev/null +++ b/2020/7xxx/CVE-2020-7299.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7299", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7300.json b/2020/7xxx/CVE-2020-7300.json new file mode 100644 index 00000000000..243f9a9b5bb --- /dev/null +++ b/2020/7xxx/CVE-2020-7300.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7300", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7301.json b/2020/7xxx/CVE-2020-7301.json new file mode 100644 index 00000000000..7aad6d012df --- /dev/null +++ b/2020/7xxx/CVE-2020-7301.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7301", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7302.json b/2020/7xxx/CVE-2020-7302.json new file mode 100644 index 00000000000..9edb753ae13 --- /dev/null +++ b/2020/7xxx/CVE-2020-7302.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7302", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7303.json b/2020/7xxx/CVE-2020-7303.json new file mode 100644 index 00000000000..c7620524304 --- /dev/null +++ b/2020/7xxx/CVE-2020-7303.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7303", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7304.json b/2020/7xxx/CVE-2020-7304.json new file mode 100644 index 00000000000..ab2af32d0ec --- /dev/null +++ b/2020/7xxx/CVE-2020-7304.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7304", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7305.json b/2020/7xxx/CVE-2020-7305.json new file mode 100644 index 00000000000..0e0332c6410 --- /dev/null +++ b/2020/7xxx/CVE-2020-7305.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7305", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7306.json b/2020/7xxx/CVE-2020-7306.json new file mode 100644 index 00000000000..93eb940454f --- /dev/null +++ b/2020/7xxx/CVE-2020-7306.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7306", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7307.json b/2020/7xxx/CVE-2020-7307.json new file mode 100644 index 00000000000..6e969f89ae0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7307.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7307", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7308.json b/2020/7xxx/CVE-2020-7308.json new file mode 100644 index 00000000000..a861bde2e6c --- /dev/null +++ b/2020/7xxx/CVE-2020-7308.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7308", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7309.json b/2020/7xxx/CVE-2020-7309.json new file mode 100644 index 00000000000..950738f1986 --- /dev/null +++ b/2020/7xxx/CVE-2020-7309.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7309", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7310.json b/2020/7xxx/CVE-2020-7310.json new file mode 100644 index 00000000000..dd4b820f8bc --- /dev/null +++ b/2020/7xxx/CVE-2020-7310.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7310", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7311.json b/2020/7xxx/CVE-2020-7311.json new file mode 100644 index 00000000000..1049f6ed228 --- /dev/null +++ b/2020/7xxx/CVE-2020-7311.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7311", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7312.json b/2020/7xxx/CVE-2020-7312.json new file mode 100644 index 00000000000..99f056a4e14 --- /dev/null +++ b/2020/7xxx/CVE-2020-7312.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7312", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7313.json b/2020/7xxx/CVE-2020-7313.json new file mode 100644 index 00000000000..679d9a2f75c --- /dev/null +++ b/2020/7xxx/CVE-2020-7313.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7313", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7314.json b/2020/7xxx/CVE-2020-7314.json new file mode 100644 index 00000000000..5acaea9c85a --- /dev/null +++ b/2020/7xxx/CVE-2020-7314.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7314", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7315.json b/2020/7xxx/CVE-2020-7315.json new file mode 100644 index 00000000000..1c327711fa4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7315.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7315", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7316.json b/2020/7xxx/CVE-2020-7316.json new file mode 100644 index 00000000000..e3b3934ed73 --- /dev/null +++ b/2020/7xxx/CVE-2020-7316.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7316", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7317.json b/2020/7xxx/CVE-2020-7317.json new file mode 100644 index 00000000000..3f9af0891a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7317.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7317", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7318.json b/2020/7xxx/CVE-2020-7318.json new file mode 100644 index 00000000000..3681905408c --- /dev/null +++ b/2020/7xxx/CVE-2020-7318.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7318", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7319.json b/2020/7xxx/CVE-2020-7319.json new file mode 100644 index 00000000000..7b493e10aba --- /dev/null +++ b/2020/7xxx/CVE-2020-7319.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7319", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7320.json b/2020/7xxx/CVE-2020-7320.json new file mode 100644 index 00000000000..d3e9dcac5c1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7320.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7320", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7321.json b/2020/7xxx/CVE-2020-7321.json new file mode 100644 index 00000000000..c795da4bd7f --- /dev/null +++ b/2020/7xxx/CVE-2020-7321.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7321", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7322.json b/2020/7xxx/CVE-2020-7322.json new file mode 100644 index 00000000000..06367131027 --- /dev/null +++ b/2020/7xxx/CVE-2020-7322.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7322", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7323.json b/2020/7xxx/CVE-2020-7323.json new file mode 100644 index 00000000000..25669ef3c66 --- /dev/null +++ b/2020/7xxx/CVE-2020-7323.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7323", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7324.json b/2020/7xxx/CVE-2020-7324.json new file mode 100644 index 00000000000..6b14dc416b3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7324.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7324", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7325.json b/2020/7xxx/CVE-2020-7325.json new file mode 100644 index 00000000000..2484590db84 --- /dev/null +++ b/2020/7xxx/CVE-2020-7325.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7325", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7326.json b/2020/7xxx/CVE-2020-7326.json new file mode 100644 index 00000000000..cb71dcf4aaf --- /dev/null +++ b/2020/7xxx/CVE-2020-7326.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7326", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7327.json b/2020/7xxx/CVE-2020-7327.json new file mode 100644 index 00000000000..23359926807 --- /dev/null +++ b/2020/7xxx/CVE-2020-7327.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7327", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7328.json b/2020/7xxx/CVE-2020-7328.json new file mode 100644 index 00000000000..8dbf6e27015 --- /dev/null +++ b/2020/7xxx/CVE-2020-7328.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7328", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7329.json b/2020/7xxx/CVE-2020-7329.json new file mode 100644 index 00000000000..04de6b2db80 --- /dev/null +++ b/2020/7xxx/CVE-2020-7329.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7329", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7330.json b/2020/7xxx/CVE-2020-7330.json new file mode 100644 index 00000000000..e4c8b42ac15 --- /dev/null +++ b/2020/7xxx/CVE-2020-7330.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7330", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7331.json b/2020/7xxx/CVE-2020-7331.json new file mode 100644 index 00000000000..953773b3448 --- /dev/null +++ b/2020/7xxx/CVE-2020-7331.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7331", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7332.json b/2020/7xxx/CVE-2020-7332.json new file mode 100644 index 00000000000..5dd5326c057 --- /dev/null +++ b/2020/7xxx/CVE-2020-7332.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7332", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7333.json b/2020/7xxx/CVE-2020-7333.json new file mode 100644 index 00000000000..547d058c625 --- /dev/null +++ b/2020/7xxx/CVE-2020-7333.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7333", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7334.json b/2020/7xxx/CVE-2020-7334.json new file mode 100644 index 00000000000..a48c5fd0088 --- /dev/null +++ b/2020/7xxx/CVE-2020-7334.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7334", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7335.json b/2020/7xxx/CVE-2020-7335.json new file mode 100644 index 00000000000..d4c7d067d74 --- /dev/null +++ b/2020/7xxx/CVE-2020-7335.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7335", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7336.json b/2020/7xxx/CVE-2020-7336.json new file mode 100644 index 00000000000..ebbbe8c8979 --- /dev/null +++ b/2020/7xxx/CVE-2020-7336.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7336", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7337.json b/2020/7xxx/CVE-2020-7337.json new file mode 100644 index 00000000000..99c5c8b3420 --- /dev/null +++ b/2020/7xxx/CVE-2020-7337.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7337", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7338.json b/2020/7xxx/CVE-2020-7338.json new file mode 100644 index 00000000000..77215ce5e36 --- /dev/null +++ b/2020/7xxx/CVE-2020-7338.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7338", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7339.json b/2020/7xxx/CVE-2020-7339.json new file mode 100644 index 00000000000..35e1753c274 --- /dev/null +++ b/2020/7xxx/CVE-2020-7339.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7339", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7340.json b/2020/7xxx/CVE-2020-7340.json new file mode 100644 index 00000000000..100c43f4ce1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7340.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7340", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7341.json b/2020/7xxx/CVE-2020-7341.json new file mode 100644 index 00000000000..9518f45a301 --- /dev/null +++ b/2020/7xxx/CVE-2020-7341.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7341", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7342.json b/2020/7xxx/CVE-2020-7342.json new file mode 100644 index 00000000000..2c21d9623e7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7342.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7342", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7343.json b/2020/7xxx/CVE-2020-7343.json new file mode 100644 index 00000000000..1f245097a01 --- /dev/null +++ b/2020/7xxx/CVE-2020-7343.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7343", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7344.json b/2020/7xxx/CVE-2020-7344.json new file mode 100644 index 00000000000..5ba85020438 --- /dev/null +++ b/2020/7xxx/CVE-2020-7344.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7344", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7345.json b/2020/7xxx/CVE-2020-7345.json new file mode 100644 index 00000000000..70b3224ecc4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7345.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7345", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7346.json b/2020/7xxx/CVE-2020-7346.json new file mode 100644 index 00000000000..35959ef70df --- /dev/null +++ b/2020/7xxx/CVE-2020-7346.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7346", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7347.json b/2020/7xxx/CVE-2020-7347.json new file mode 100644 index 00000000000..5fc06568be6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7347.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7347", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7348.json b/2020/7xxx/CVE-2020-7348.json new file mode 100644 index 00000000000..eb145a160a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7348.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7348", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7349.json b/2020/7xxx/CVE-2020-7349.json new file mode 100644 index 00000000000..e4059ed69ac --- /dev/null +++ b/2020/7xxx/CVE-2020-7349.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7349", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7350.json b/2020/7xxx/CVE-2020-7350.json new file mode 100644 index 00000000000..2d41bb29219 --- /dev/null +++ b/2020/7xxx/CVE-2020-7350.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7350", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7351.json b/2020/7xxx/CVE-2020-7351.json new file mode 100644 index 00000000000..49e9ffa6521 --- /dev/null +++ b/2020/7xxx/CVE-2020-7351.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7351", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7352.json b/2020/7xxx/CVE-2020-7352.json new file mode 100644 index 00000000000..c76445e2718 --- /dev/null +++ b/2020/7xxx/CVE-2020-7352.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7352", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7353.json b/2020/7xxx/CVE-2020-7353.json new file mode 100644 index 00000000000..e9f50b89221 --- /dev/null +++ b/2020/7xxx/CVE-2020-7353.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7353", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7354.json b/2020/7xxx/CVE-2020-7354.json new file mode 100644 index 00000000000..fdb55e642c8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7354.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7354", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7355.json b/2020/7xxx/CVE-2020-7355.json new file mode 100644 index 00000000000..6363f7673d6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7355.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7355", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7356.json b/2020/7xxx/CVE-2020-7356.json new file mode 100644 index 00000000000..9a4a82d24ae --- /dev/null +++ b/2020/7xxx/CVE-2020-7356.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7356", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7357.json b/2020/7xxx/CVE-2020-7357.json new file mode 100644 index 00000000000..9514f2102b4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7357.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7357", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7358.json b/2020/7xxx/CVE-2020-7358.json new file mode 100644 index 00000000000..39a05d42c33 --- /dev/null +++ b/2020/7xxx/CVE-2020-7358.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7358", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7359.json b/2020/7xxx/CVE-2020-7359.json new file mode 100644 index 00000000000..caac249b871 --- /dev/null +++ b/2020/7xxx/CVE-2020-7359.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7359", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7360.json b/2020/7xxx/CVE-2020-7360.json new file mode 100644 index 00000000000..2ea0cb38419 --- /dev/null +++ b/2020/7xxx/CVE-2020-7360.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7360", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7361.json b/2020/7xxx/CVE-2020-7361.json new file mode 100644 index 00000000000..ddf5fa86ce7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7361.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7361", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7362.json b/2020/7xxx/CVE-2020-7362.json new file mode 100644 index 00000000000..20ce842535b --- /dev/null +++ b/2020/7xxx/CVE-2020-7362.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7362", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7363.json b/2020/7xxx/CVE-2020-7363.json new file mode 100644 index 00000000000..e6a4c52ac95 --- /dev/null +++ b/2020/7xxx/CVE-2020-7363.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7363", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7364.json b/2020/7xxx/CVE-2020-7364.json new file mode 100644 index 00000000000..3d14a9b7427 --- /dev/null +++ b/2020/7xxx/CVE-2020-7364.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7364", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7365.json b/2020/7xxx/CVE-2020-7365.json new file mode 100644 index 00000000000..255dc979b1c --- /dev/null +++ b/2020/7xxx/CVE-2020-7365.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7365", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7366.json b/2020/7xxx/CVE-2020-7366.json new file mode 100644 index 00000000000..d5628e3e5ea --- /dev/null +++ b/2020/7xxx/CVE-2020-7366.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7366", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7367.json b/2020/7xxx/CVE-2020-7367.json new file mode 100644 index 00000000000..2cec6ce3bc4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7367.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7367", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7368.json b/2020/7xxx/CVE-2020-7368.json new file mode 100644 index 00000000000..bc2f319bdb7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7368.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7368", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7369.json b/2020/7xxx/CVE-2020-7369.json new file mode 100644 index 00000000000..4985a2091b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7369.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7369", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7370.json b/2020/7xxx/CVE-2020-7370.json new file mode 100644 index 00000000000..cc1789412f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7370.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7370", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7371.json b/2020/7xxx/CVE-2020-7371.json new file mode 100644 index 00000000000..2c8ee5c1820 --- /dev/null +++ b/2020/7xxx/CVE-2020-7371.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7371", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7372.json b/2020/7xxx/CVE-2020-7372.json new file mode 100644 index 00000000000..39a4151eb6b --- /dev/null +++ b/2020/7xxx/CVE-2020-7372.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7372", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7373.json b/2020/7xxx/CVE-2020-7373.json new file mode 100644 index 00000000000..fe202d1d443 --- /dev/null +++ b/2020/7xxx/CVE-2020-7373.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7373", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7374.json b/2020/7xxx/CVE-2020-7374.json new file mode 100644 index 00000000000..8d93c97bc1a --- /dev/null +++ b/2020/7xxx/CVE-2020-7374.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7374", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7375.json b/2020/7xxx/CVE-2020-7375.json new file mode 100644 index 00000000000..ce44eb698e1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7375.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7375", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7376.json b/2020/7xxx/CVE-2020-7376.json new file mode 100644 index 00000000000..51da92348a6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7376.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7376", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7377.json b/2020/7xxx/CVE-2020-7377.json new file mode 100644 index 00000000000..6318f4db939 --- /dev/null +++ b/2020/7xxx/CVE-2020-7377.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7377", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7378.json b/2020/7xxx/CVE-2020-7378.json new file mode 100644 index 00000000000..3461877edad --- /dev/null +++ b/2020/7xxx/CVE-2020-7378.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7378", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7379.json b/2020/7xxx/CVE-2020-7379.json new file mode 100644 index 00000000000..be0a41c573e --- /dev/null +++ b/2020/7xxx/CVE-2020-7379.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7379", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7380.json b/2020/7xxx/CVE-2020-7380.json new file mode 100644 index 00000000000..6152f1046f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7380.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7380", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7381.json b/2020/7xxx/CVE-2020-7381.json new file mode 100644 index 00000000000..e0a09040a1a --- /dev/null +++ b/2020/7xxx/CVE-2020-7381.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7381", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7382.json b/2020/7xxx/CVE-2020-7382.json new file mode 100644 index 00000000000..e5f52634ee4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7382.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7382", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7383.json b/2020/7xxx/CVE-2020-7383.json new file mode 100644 index 00000000000..3f55e912336 --- /dev/null +++ b/2020/7xxx/CVE-2020-7383.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7383", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7384.json b/2020/7xxx/CVE-2020-7384.json new file mode 100644 index 00000000000..b701e95a718 --- /dev/null +++ b/2020/7xxx/CVE-2020-7384.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7384", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7385.json b/2020/7xxx/CVE-2020-7385.json new file mode 100644 index 00000000000..3b2e590f654 --- /dev/null +++ b/2020/7xxx/CVE-2020-7385.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7385", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7386.json b/2020/7xxx/CVE-2020-7386.json new file mode 100644 index 00000000000..035f3dff5a6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7386.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7386", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7387.json b/2020/7xxx/CVE-2020-7387.json new file mode 100644 index 00000000000..52b471b967c --- /dev/null +++ b/2020/7xxx/CVE-2020-7387.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7387", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7388.json b/2020/7xxx/CVE-2020-7388.json new file mode 100644 index 00000000000..d4eb0680021 --- /dev/null +++ b/2020/7xxx/CVE-2020-7388.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7388", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7389.json b/2020/7xxx/CVE-2020-7389.json new file mode 100644 index 00000000000..c317ba5201b --- /dev/null +++ b/2020/7xxx/CVE-2020-7389.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7389", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7390.json b/2020/7xxx/CVE-2020-7390.json new file mode 100644 index 00000000000..f3e0885e105 --- /dev/null +++ b/2020/7xxx/CVE-2020-7390.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7390", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7391.json b/2020/7xxx/CVE-2020-7391.json new file mode 100644 index 00000000000..6b5f26f3ba6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7391.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7391", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7392.json b/2020/7xxx/CVE-2020-7392.json new file mode 100644 index 00000000000..c459d67cf5d --- /dev/null +++ b/2020/7xxx/CVE-2020-7392.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7392", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7393.json b/2020/7xxx/CVE-2020-7393.json new file mode 100644 index 00000000000..cca9ed0b872 --- /dev/null +++ b/2020/7xxx/CVE-2020-7393.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7393", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7394.json b/2020/7xxx/CVE-2020-7394.json new file mode 100644 index 00000000000..35cfe725535 --- /dev/null +++ b/2020/7xxx/CVE-2020-7394.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7394", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7395.json b/2020/7xxx/CVE-2020-7395.json new file mode 100644 index 00000000000..a93ec4a7f5b --- /dev/null +++ b/2020/7xxx/CVE-2020-7395.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7395", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7396.json b/2020/7xxx/CVE-2020-7396.json new file mode 100644 index 00000000000..4df142efbe6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7396.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7396", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7397.json b/2020/7xxx/CVE-2020-7397.json new file mode 100644 index 00000000000..dcff57eecd7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7397.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7397", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7398.json b/2020/7xxx/CVE-2020-7398.json new file mode 100644 index 00000000000..f9fd35ff5bf --- /dev/null +++ b/2020/7xxx/CVE-2020-7398.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7398", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7399.json b/2020/7xxx/CVE-2020-7399.json new file mode 100644 index 00000000000..ea1a2af80d4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7399.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7399", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7400.json b/2020/7xxx/CVE-2020-7400.json new file mode 100644 index 00000000000..47929f542e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7400.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7400", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7401.json b/2020/7xxx/CVE-2020-7401.json new file mode 100644 index 00000000000..5bba0292dd1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7401.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7401", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7402.json b/2020/7xxx/CVE-2020-7402.json new file mode 100644 index 00000000000..ba70cb340c3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7402.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7402", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7403.json b/2020/7xxx/CVE-2020-7403.json new file mode 100644 index 00000000000..27093e3f161 --- /dev/null +++ b/2020/7xxx/CVE-2020-7403.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7403", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7404.json b/2020/7xxx/CVE-2020-7404.json new file mode 100644 index 00000000000..afea7dfa54c --- /dev/null +++ b/2020/7xxx/CVE-2020-7404.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7404", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7405.json b/2020/7xxx/CVE-2020-7405.json new file mode 100644 index 00000000000..fb6ad3373db --- /dev/null +++ b/2020/7xxx/CVE-2020-7405.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7405", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7406.json b/2020/7xxx/CVE-2020-7406.json new file mode 100644 index 00000000000..24b7e61f2f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7406.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7406", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7407.json b/2020/7xxx/CVE-2020-7407.json new file mode 100644 index 00000000000..455f3a5d933 --- /dev/null +++ b/2020/7xxx/CVE-2020-7407.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7407", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7408.json b/2020/7xxx/CVE-2020-7408.json new file mode 100644 index 00000000000..0767d94276b --- /dev/null +++ b/2020/7xxx/CVE-2020-7408.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7409.json b/2020/7xxx/CVE-2020-7409.json new file mode 100644 index 00000000000..476a6b343ec --- /dev/null +++ b/2020/7xxx/CVE-2020-7409.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7410.json b/2020/7xxx/CVE-2020-7410.json new file mode 100644 index 00000000000..0be7f999365 --- /dev/null +++ b/2020/7xxx/CVE-2020-7410.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7410", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7411.json b/2020/7xxx/CVE-2020-7411.json new file mode 100644 index 00000000000..46eeece8280 --- /dev/null +++ b/2020/7xxx/CVE-2020-7411.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7411", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7412.json b/2020/7xxx/CVE-2020-7412.json new file mode 100644 index 00000000000..eda7ad24719 --- /dev/null +++ b/2020/7xxx/CVE-2020-7412.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7412", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7413.json b/2020/7xxx/CVE-2020-7413.json new file mode 100644 index 00000000000..e62122ca988 --- /dev/null +++ b/2020/7xxx/CVE-2020-7413.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7413", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7414.json b/2020/7xxx/CVE-2020-7414.json new file mode 100644 index 00000000000..43e2467d1f5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7414.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7414", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7415.json b/2020/7xxx/CVE-2020-7415.json new file mode 100644 index 00000000000..41daf1d1d9b --- /dev/null +++ b/2020/7xxx/CVE-2020-7415.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7415", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7416.json b/2020/7xxx/CVE-2020-7416.json new file mode 100644 index 00000000000..4a49af0c2b1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7416.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7416", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7417.json b/2020/7xxx/CVE-2020-7417.json new file mode 100644 index 00000000000..37c64c893d8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7417.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7417", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7418.json b/2020/7xxx/CVE-2020-7418.json new file mode 100644 index 00000000000..eb0499cb762 --- /dev/null +++ b/2020/7xxx/CVE-2020-7418.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7418", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7419.json b/2020/7xxx/CVE-2020-7419.json new file mode 100644 index 00000000000..4ae32fb34ea --- /dev/null +++ b/2020/7xxx/CVE-2020-7419.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7419", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7420.json b/2020/7xxx/CVE-2020-7420.json new file mode 100644 index 00000000000..558ecc3019c --- /dev/null +++ b/2020/7xxx/CVE-2020-7420.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7420", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7421.json b/2020/7xxx/CVE-2020-7421.json new file mode 100644 index 00000000000..d18c1f87814 --- /dev/null +++ b/2020/7xxx/CVE-2020-7421.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7421", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7422.json b/2020/7xxx/CVE-2020-7422.json new file mode 100644 index 00000000000..93afe790353 --- /dev/null +++ b/2020/7xxx/CVE-2020-7422.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7422", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7423.json b/2020/7xxx/CVE-2020-7423.json new file mode 100644 index 00000000000..740f35219d1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7423.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7423", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7424.json b/2020/7xxx/CVE-2020-7424.json new file mode 100644 index 00000000000..d1499656f6c --- /dev/null +++ b/2020/7xxx/CVE-2020-7424.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7424", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7425.json b/2020/7xxx/CVE-2020-7425.json new file mode 100644 index 00000000000..8475e904f28 --- /dev/null +++ b/2020/7xxx/CVE-2020-7425.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7425", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7426.json b/2020/7xxx/CVE-2020-7426.json new file mode 100644 index 00000000000..d6c64229626 --- /dev/null +++ b/2020/7xxx/CVE-2020-7426.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7426", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7427.json b/2020/7xxx/CVE-2020-7427.json new file mode 100644 index 00000000000..f1f6ebdadcd --- /dev/null +++ b/2020/7xxx/CVE-2020-7427.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7427", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7428.json b/2020/7xxx/CVE-2020-7428.json new file mode 100644 index 00000000000..2383f87bf68 --- /dev/null +++ b/2020/7xxx/CVE-2020-7428.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7428", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7429.json b/2020/7xxx/CVE-2020-7429.json new file mode 100644 index 00000000000..fa44a859d91 --- /dev/null +++ b/2020/7xxx/CVE-2020-7429.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7429", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7430.json b/2020/7xxx/CVE-2020-7430.json new file mode 100644 index 00000000000..4db48f91b39 --- /dev/null +++ b/2020/7xxx/CVE-2020-7430.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7430", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7431.json b/2020/7xxx/CVE-2020-7431.json new file mode 100644 index 00000000000..5f181ebd907 --- /dev/null +++ b/2020/7xxx/CVE-2020-7431.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7431", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7432.json b/2020/7xxx/CVE-2020-7432.json new file mode 100644 index 00000000000..ed4e43f4e5e --- /dev/null +++ b/2020/7xxx/CVE-2020-7432.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7432", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7433.json b/2020/7xxx/CVE-2020-7433.json new file mode 100644 index 00000000000..688da459d0b --- /dev/null +++ b/2020/7xxx/CVE-2020-7433.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7433", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7434.json b/2020/7xxx/CVE-2020-7434.json new file mode 100644 index 00000000000..cc023e17b80 --- /dev/null +++ b/2020/7xxx/CVE-2020-7434.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7434", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7435.json b/2020/7xxx/CVE-2020-7435.json new file mode 100644 index 00000000000..3882cfd9749 --- /dev/null +++ b/2020/7xxx/CVE-2020-7435.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7435", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7436.json b/2020/7xxx/CVE-2020-7436.json new file mode 100644 index 00000000000..0b68ec839d7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7436.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7436", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7437.json b/2020/7xxx/CVE-2020-7437.json new file mode 100644 index 00000000000..c487ba6d3f5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7437.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7437", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7438.json b/2020/7xxx/CVE-2020-7438.json new file mode 100644 index 00000000000..e86f60db97a --- /dev/null +++ b/2020/7xxx/CVE-2020-7438.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7438", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7439.json b/2020/7xxx/CVE-2020-7439.json new file mode 100644 index 00000000000..274dd45cdd9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7439.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7439", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7440.json b/2020/7xxx/CVE-2020-7440.json new file mode 100644 index 00000000000..5c9a3c0b9eb --- /dev/null +++ b/2020/7xxx/CVE-2020-7440.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7440", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7441.json b/2020/7xxx/CVE-2020-7441.json new file mode 100644 index 00000000000..2bfc83ca3da --- /dev/null +++ b/2020/7xxx/CVE-2020-7441.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7441", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7442.json b/2020/7xxx/CVE-2020-7442.json new file mode 100644 index 00000000000..0231307081b --- /dev/null +++ b/2020/7xxx/CVE-2020-7442.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7442", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7443.json b/2020/7xxx/CVE-2020-7443.json new file mode 100644 index 00000000000..dbc88436525 --- /dev/null +++ b/2020/7xxx/CVE-2020-7443.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7443", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7444.json b/2020/7xxx/CVE-2020-7444.json new file mode 100644 index 00000000000..84e65cc2327 --- /dev/null +++ b/2020/7xxx/CVE-2020-7444.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7444", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7445.json b/2020/7xxx/CVE-2020-7445.json new file mode 100644 index 00000000000..0e38bf52e16 --- /dev/null +++ b/2020/7xxx/CVE-2020-7445.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7445", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7446.json b/2020/7xxx/CVE-2020-7446.json new file mode 100644 index 00000000000..4148735f43a --- /dev/null +++ b/2020/7xxx/CVE-2020-7446.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7446", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7447.json b/2020/7xxx/CVE-2020-7447.json new file mode 100644 index 00000000000..9aa4ddfdff9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7447.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7447", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7448.json b/2020/7xxx/CVE-2020-7448.json new file mode 100644 index 00000000000..fce5f797cd6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7448.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7448", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7449.json b/2020/7xxx/CVE-2020-7449.json new file mode 100644 index 00000000000..cca646b6197 --- /dev/null +++ b/2020/7xxx/CVE-2020-7449.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7449", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7450.json b/2020/7xxx/CVE-2020-7450.json new file mode 100644 index 00000000000..7b74f0e7dd5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7450.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7450", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7451.json b/2020/7xxx/CVE-2020-7451.json new file mode 100644 index 00000000000..576146165ce --- /dev/null +++ b/2020/7xxx/CVE-2020-7451.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7451", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7452.json b/2020/7xxx/CVE-2020-7452.json new file mode 100644 index 00000000000..1008dcda377 --- /dev/null +++ b/2020/7xxx/CVE-2020-7452.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7452", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7453.json b/2020/7xxx/CVE-2020-7453.json new file mode 100644 index 00000000000..8814267c465 --- /dev/null +++ b/2020/7xxx/CVE-2020-7453.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7453", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7454.json b/2020/7xxx/CVE-2020-7454.json new file mode 100644 index 00000000000..ade7d2d9f20 --- /dev/null +++ b/2020/7xxx/CVE-2020-7454.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7454", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7455.json b/2020/7xxx/CVE-2020-7455.json new file mode 100644 index 00000000000..ac712d7254f --- /dev/null +++ b/2020/7xxx/CVE-2020-7455.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7455", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7456.json b/2020/7xxx/CVE-2020-7456.json new file mode 100644 index 00000000000..8ec4202a2ca --- /dev/null +++ b/2020/7xxx/CVE-2020-7456.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7456", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7457.json b/2020/7xxx/CVE-2020-7457.json new file mode 100644 index 00000000000..f41e652918d --- /dev/null +++ b/2020/7xxx/CVE-2020-7457.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7457", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7458.json b/2020/7xxx/CVE-2020-7458.json new file mode 100644 index 00000000000..987dc214638 --- /dev/null +++ b/2020/7xxx/CVE-2020-7458.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7458", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7459.json b/2020/7xxx/CVE-2020-7459.json new file mode 100644 index 00000000000..ccfe4e9947a --- /dev/null +++ b/2020/7xxx/CVE-2020-7459.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7459", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7460.json b/2020/7xxx/CVE-2020-7460.json new file mode 100644 index 00000000000..1e311087b6f --- /dev/null +++ b/2020/7xxx/CVE-2020-7460.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7460", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7461.json b/2020/7xxx/CVE-2020-7461.json new file mode 100644 index 00000000000..56dd7284396 --- /dev/null +++ b/2020/7xxx/CVE-2020-7461.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7461", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7462.json b/2020/7xxx/CVE-2020-7462.json new file mode 100644 index 00000000000..2b908d6a8c0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7462.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7462", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7463.json b/2020/7xxx/CVE-2020-7463.json new file mode 100644 index 00000000000..dd9c8bdaa3a --- /dev/null +++ b/2020/7xxx/CVE-2020-7463.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7463", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7464.json b/2020/7xxx/CVE-2020-7464.json new file mode 100644 index 00000000000..c593df810a9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7464.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7464", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7465.json b/2020/7xxx/CVE-2020-7465.json new file mode 100644 index 00000000000..3696108daa7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7465.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7465", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7466.json b/2020/7xxx/CVE-2020-7466.json new file mode 100644 index 00000000000..0c486196e09 --- /dev/null +++ b/2020/7xxx/CVE-2020-7466.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7466", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7467.json b/2020/7xxx/CVE-2020-7467.json new file mode 100644 index 00000000000..5f4368d22db --- /dev/null +++ b/2020/7xxx/CVE-2020-7467.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7467", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7468.json b/2020/7xxx/CVE-2020-7468.json new file mode 100644 index 00000000000..42b87c8919c --- /dev/null +++ b/2020/7xxx/CVE-2020-7468.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7468", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7469.json b/2020/7xxx/CVE-2020-7469.json new file mode 100644 index 00000000000..430c189eeb5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7469.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7469", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7470.json b/2020/7xxx/CVE-2020-7470.json new file mode 100644 index 00000000000..6731b6e7e14 --- /dev/null +++ b/2020/7xxx/CVE-2020-7470.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the Friendly Name 1 field (after a successful login with the Web Admin Password)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/sonoff-sonoff-th-module-vuln-xss.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/sonoff-sonoff-th-module-vuln-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7471.json b/2020/7xxx/CVE-2020-7471.json new file mode 100644 index 00000000000..086aea39570 --- /dev/null +++ b/2020/7xxx/CVE-2020-7471.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7471", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7472.json b/2020/7xxx/CVE-2020-7472.json new file mode 100644 index 00000000000..26f172f519f --- /dev/null +++ b/2020/7xxx/CVE-2020-7472.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7472", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7473.json b/2020/7xxx/CVE-2020-7473.json new file mode 100644 index 00000000000..811fb75982d --- /dev/null +++ b/2020/7xxx/CVE-2020-7473.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7473", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7474.json b/2020/7xxx/CVE-2020-7474.json new file mode 100644 index 00000000000..8f9f063082b --- /dev/null +++ b/2020/7xxx/CVE-2020-7474.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7474", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7475.json b/2020/7xxx/CVE-2020-7475.json new file mode 100644 index 00000000000..c82fa72ebe3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7475.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7475", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7476.json b/2020/7xxx/CVE-2020-7476.json new file mode 100644 index 00000000000..92cf3f08869 --- /dev/null +++ b/2020/7xxx/CVE-2020-7476.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7476", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7477.json b/2020/7xxx/CVE-2020-7477.json new file mode 100644 index 00000000000..f5e35b1085d --- /dev/null +++ b/2020/7xxx/CVE-2020-7477.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7477", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7478.json b/2020/7xxx/CVE-2020-7478.json new file mode 100644 index 00000000000..41d8e3413e3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7478.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7478", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7479.json b/2020/7xxx/CVE-2020-7479.json new file mode 100644 index 00000000000..54a5f312615 --- /dev/null +++ b/2020/7xxx/CVE-2020-7479.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7479", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7480.json b/2020/7xxx/CVE-2020-7480.json new file mode 100644 index 00000000000..0ec124ad329 --- /dev/null +++ b/2020/7xxx/CVE-2020-7480.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7480", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7481.json b/2020/7xxx/CVE-2020-7481.json new file mode 100644 index 00000000000..bfeae992e93 --- /dev/null +++ b/2020/7xxx/CVE-2020-7481.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7481", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7482.json b/2020/7xxx/CVE-2020-7482.json new file mode 100644 index 00000000000..0521cd693fa --- /dev/null +++ b/2020/7xxx/CVE-2020-7482.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7482", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7483.json b/2020/7xxx/CVE-2020-7483.json new file mode 100644 index 00000000000..cbae28c978e --- /dev/null +++ b/2020/7xxx/CVE-2020-7483.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7483", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7484.json b/2020/7xxx/CVE-2020-7484.json new file mode 100644 index 00000000000..5fdd27234a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7484.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7484", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7485.json b/2020/7xxx/CVE-2020-7485.json new file mode 100644 index 00000000000..8b08aa1647a --- /dev/null +++ b/2020/7xxx/CVE-2020-7485.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7485", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7486.json b/2020/7xxx/CVE-2020-7486.json new file mode 100644 index 00000000000..2aa1d5c003e --- /dev/null +++ b/2020/7xxx/CVE-2020-7486.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7486", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7487.json b/2020/7xxx/CVE-2020-7487.json new file mode 100644 index 00000000000..4024dad62ba --- /dev/null +++ b/2020/7xxx/CVE-2020-7487.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7487", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7488.json b/2020/7xxx/CVE-2020-7488.json new file mode 100644 index 00000000000..3f70fc40ffe --- /dev/null +++ b/2020/7xxx/CVE-2020-7488.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7488", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7489.json b/2020/7xxx/CVE-2020-7489.json new file mode 100644 index 00000000000..32fd2fe0fc6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7489.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7489", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7490.json b/2020/7xxx/CVE-2020-7490.json new file mode 100644 index 00000000000..9ad197ef3fa --- /dev/null +++ b/2020/7xxx/CVE-2020-7490.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7490", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7491.json b/2020/7xxx/CVE-2020-7491.json new file mode 100644 index 00000000000..1ca21e633d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7491.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7491", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7492.json b/2020/7xxx/CVE-2020-7492.json new file mode 100644 index 00000000000..505642a0bfa --- /dev/null +++ b/2020/7xxx/CVE-2020-7492.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7492", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7493.json b/2020/7xxx/CVE-2020-7493.json new file mode 100644 index 00000000000..bda37759922 --- /dev/null +++ b/2020/7xxx/CVE-2020-7493.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7493", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7494.json b/2020/7xxx/CVE-2020-7494.json new file mode 100644 index 00000000000..a98fd0d9e2e --- /dev/null +++ b/2020/7xxx/CVE-2020-7494.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7494", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7495.json b/2020/7xxx/CVE-2020-7495.json new file mode 100644 index 00000000000..ab4a6811176 --- /dev/null +++ b/2020/7xxx/CVE-2020-7495.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7495", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7496.json b/2020/7xxx/CVE-2020-7496.json new file mode 100644 index 00000000000..85bee44305c --- /dev/null +++ b/2020/7xxx/CVE-2020-7496.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7496", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7497.json b/2020/7xxx/CVE-2020-7497.json new file mode 100644 index 00000000000..a43aa456b70 --- /dev/null +++ b/2020/7xxx/CVE-2020-7497.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7497", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7498.json b/2020/7xxx/CVE-2020-7498.json new file mode 100644 index 00000000000..4256a4c7bc2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7498.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7498", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7499.json b/2020/7xxx/CVE-2020-7499.json new file mode 100644 index 00000000000..d1a5148914a --- /dev/null +++ b/2020/7xxx/CVE-2020-7499.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7499", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7500.json b/2020/7xxx/CVE-2020-7500.json new file mode 100644 index 00000000000..68610f74276 --- /dev/null +++ b/2020/7xxx/CVE-2020-7500.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7500", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7501.json b/2020/7xxx/CVE-2020-7501.json new file mode 100644 index 00000000000..2f0fe173b90 --- /dev/null +++ b/2020/7xxx/CVE-2020-7501.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7501", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7502.json b/2020/7xxx/CVE-2020-7502.json new file mode 100644 index 00000000000..4530077bb32 --- /dev/null +++ b/2020/7xxx/CVE-2020-7502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7503.json b/2020/7xxx/CVE-2020-7503.json new file mode 100644 index 00000000000..a6037f02d74 --- /dev/null +++ b/2020/7xxx/CVE-2020-7503.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7503", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7504.json b/2020/7xxx/CVE-2020-7504.json new file mode 100644 index 00000000000..cab7eec888d --- /dev/null +++ b/2020/7xxx/CVE-2020-7504.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7504", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7505.json b/2020/7xxx/CVE-2020-7505.json new file mode 100644 index 00000000000..92d6eb35c3d --- /dev/null +++ b/2020/7xxx/CVE-2020-7505.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7505", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7506.json b/2020/7xxx/CVE-2020-7506.json new file mode 100644 index 00000000000..bc226af496e --- /dev/null +++ b/2020/7xxx/CVE-2020-7506.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7506", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7507.json b/2020/7xxx/CVE-2020-7507.json new file mode 100644 index 00000000000..fcb2d09e2a0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7507.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7507", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7508.json b/2020/7xxx/CVE-2020-7508.json new file mode 100644 index 00000000000..94842503722 --- /dev/null +++ b/2020/7xxx/CVE-2020-7508.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7508", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7509.json b/2020/7xxx/CVE-2020-7509.json new file mode 100644 index 00000000000..61a93cf1520 --- /dev/null +++ b/2020/7xxx/CVE-2020-7509.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7509", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7510.json b/2020/7xxx/CVE-2020-7510.json new file mode 100644 index 00000000000..258d350dea8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7510.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7510", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7511.json b/2020/7xxx/CVE-2020-7511.json new file mode 100644 index 00000000000..134c114aad3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7511.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7511", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7512.json b/2020/7xxx/CVE-2020-7512.json new file mode 100644 index 00000000000..02bdaea72f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7512.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7512", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7513.json b/2020/7xxx/CVE-2020-7513.json new file mode 100644 index 00000000000..7c36beb5cd7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7513.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7513", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7514.json b/2020/7xxx/CVE-2020-7514.json new file mode 100644 index 00000000000..5603d29c048 --- /dev/null +++ b/2020/7xxx/CVE-2020-7514.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7514", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7515.json b/2020/7xxx/CVE-2020-7515.json new file mode 100644 index 00000000000..d344d436add --- /dev/null +++ b/2020/7xxx/CVE-2020-7515.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7515", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7516.json b/2020/7xxx/CVE-2020-7516.json new file mode 100644 index 00000000000..18fe4a756fb --- /dev/null +++ b/2020/7xxx/CVE-2020-7516.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7516", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7517.json b/2020/7xxx/CVE-2020-7517.json new file mode 100644 index 00000000000..aab1ba43d72 --- /dev/null +++ b/2020/7xxx/CVE-2020-7517.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7517", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7518.json b/2020/7xxx/CVE-2020-7518.json new file mode 100644 index 00000000000..ec8dbe41f33 --- /dev/null +++ b/2020/7xxx/CVE-2020-7518.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7518", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7519.json b/2020/7xxx/CVE-2020-7519.json new file mode 100644 index 00000000000..f5c55b0e0fd --- /dev/null +++ b/2020/7xxx/CVE-2020-7519.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7519", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7520.json b/2020/7xxx/CVE-2020-7520.json new file mode 100644 index 00000000000..fa6520465c2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7520.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7520", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7521.json b/2020/7xxx/CVE-2020-7521.json new file mode 100644 index 00000000000..1c164dd85ce --- /dev/null +++ b/2020/7xxx/CVE-2020-7521.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7521", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7522.json b/2020/7xxx/CVE-2020-7522.json new file mode 100644 index 00000000000..ee7017cd3a9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7522.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7522", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7523.json b/2020/7xxx/CVE-2020-7523.json new file mode 100644 index 00000000000..a8e98dd33c0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7523.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7523", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7524.json b/2020/7xxx/CVE-2020-7524.json new file mode 100644 index 00000000000..0208a472d63 --- /dev/null +++ b/2020/7xxx/CVE-2020-7524.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7524", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7525.json b/2020/7xxx/CVE-2020-7525.json new file mode 100644 index 00000000000..81477f3e568 --- /dev/null +++ b/2020/7xxx/CVE-2020-7525.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7525", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7526.json b/2020/7xxx/CVE-2020-7526.json new file mode 100644 index 00000000000..e68027f9faf --- /dev/null +++ b/2020/7xxx/CVE-2020-7526.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7526", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7527.json b/2020/7xxx/CVE-2020-7527.json new file mode 100644 index 00000000000..cc55ddb84f6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7527.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7527", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7528.json b/2020/7xxx/CVE-2020-7528.json new file mode 100644 index 00000000000..874072d9df8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7528.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7528", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7529.json b/2020/7xxx/CVE-2020-7529.json new file mode 100644 index 00000000000..77b4d3da2a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7529.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7529", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7530.json b/2020/7xxx/CVE-2020-7530.json new file mode 100644 index 00000000000..7ec70315ec6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7530.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7530", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7531.json b/2020/7xxx/CVE-2020-7531.json new file mode 100644 index 00000000000..4bee32682c4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7531.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7531", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7532.json b/2020/7xxx/CVE-2020-7532.json new file mode 100644 index 00000000000..e55993cbab6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7532.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7532", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7533.json b/2020/7xxx/CVE-2020-7533.json new file mode 100644 index 00000000000..02cb719703d --- /dev/null +++ b/2020/7xxx/CVE-2020-7533.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7533", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7534.json b/2020/7xxx/CVE-2020-7534.json new file mode 100644 index 00000000000..a26397fee4b --- /dev/null +++ b/2020/7xxx/CVE-2020-7534.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7534", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7535.json b/2020/7xxx/CVE-2020-7535.json new file mode 100644 index 00000000000..9cbd987671c --- /dev/null +++ b/2020/7xxx/CVE-2020-7535.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7535", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7536.json b/2020/7xxx/CVE-2020-7536.json new file mode 100644 index 00000000000..3af9bb97dab --- /dev/null +++ b/2020/7xxx/CVE-2020-7536.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7536", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7537.json b/2020/7xxx/CVE-2020-7537.json new file mode 100644 index 00000000000..c28d5fd95dd --- /dev/null +++ b/2020/7xxx/CVE-2020-7537.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7537", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7538.json b/2020/7xxx/CVE-2020-7538.json new file mode 100644 index 00000000000..a388628132c --- /dev/null +++ b/2020/7xxx/CVE-2020-7538.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7538", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7539.json b/2020/7xxx/CVE-2020-7539.json new file mode 100644 index 00000000000..8986a2342b7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7539.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7539", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7540.json b/2020/7xxx/CVE-2020-7540.json new file mode 100644 index 00000000000..b9d088718a9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7540.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7540", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7541.json b/2020/7xxx/CVE-2020-7541.json new file mode 100644 index 00000000000..2d75e492c04 --- /dev/null +++ b/2020/7xxx/CVE-2020-7541.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7541", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7542.json b/2020/7xxx/CVE-2020-7542.json new file mode 100644 index 00000000000..a113696bd2e --- /dev/null +++ b/2020/7xxx/CVE-2020-7542.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7542", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7543.json b/2020/7xxx/CVE-2020-7543.json new file mode 100644 index 00000000000..4cf5ec9e064 --- /dev/null +++ b/2020/7xxx/CVE-2020-7543.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7543", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7544.json b/2020/7xxx/CVE-2020-7544.json new file mode 100644 index 00000000000..149984b20a6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7544.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7544", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7545.json b/2020/7xxx/CVE-2020-7545.json new file mode 100644 index 00000000000..95957a3f047 --- /dev/null +++ b/2020/7xxx/CVE-2020-7545.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7545", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7546.json b/2020/7xxx/CVE-2020-7546.json new file mode 100644 index 00000000000..fad54c90811 --- /dev/null +++ b/2020/7xxx/CVE-2020-7546.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7546", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7547.json b/2020/7xxx/CVE-2020-7547.json new file mode 100644 index 00000000000..fcf916edb27 --- /dev/null +++ b/2020/7xxx/CVE-2020-7547.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7547", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7548.json b/2020/7xxx/CVE-2020-7548.json new file mode 100644 index 00000000000..4cee966e3a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7548.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7548", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7549.json b/2020/7xxx/CVE-2020-7549.json new file mode 100644 index 00000000000..6e1391e1122 --- /dev/null +++ b/2020/7xxx/CVE-2020-7549.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7549", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7550.json b/2020/7xxx/CVE-2020-7550.json new file mode 100644 index 00000000000..a9c4181a45f --- /dev/null +++ b/2020/7xxx/CVE-2020-7550.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7550", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7551.json b/2020/7xxx/CVE-2020-7551.json new file mode 100644 index 00000000000..49b6b8c01c9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7551.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7551", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7552.json b/2020/7xxx/CVE-2020-7552.json new file mode 100644 index 00000000000..e763fbf9839 --- /dev/null +++ b/2020/7xxx/CVE-2020-7552.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7552", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7553.json b/2020/7xxx/CVE-2020-7553.json new file mode 100644 index 00000000000..d96341424dd --- /dev/null +++ b/2020/7xxx/CVE-2020-7553.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7553", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7554.json b/2020/7xxx/CVE-2020-7554.json new file mode 100644 index 00000000000..c0978742d31 --- /dev/null +++ b/2020/7xxx/CVE-2020-7554.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7554", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7555.json b/2020/7xxx/CVE-2020-7555.json new file mode 100644 index 00000000000..1a341a82599 --- /dev/null +++ b/2020/7xxx/CVE-2020-7555.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7555", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7556.json b/2020/7xxx/CVE-2020-7556.json new file mode 100644 index 00000000000..c0457f77382 --- /dev/null +++ b/2020/7xxx/CVE-2020-7556.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7556", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7557.json b/2020/7xxx/CVE-2020-7557.json new file mode 100644 index 00000000000..90d3c4641e6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7557.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7557", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7558.json b/2020/7xxx/CVE-2020-7558.json new file mode 100644 index 00000000000..fb8c1f454e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7558.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7558", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7559.json b/2020/7xxx/CVE-2020-7559.json new file mode 100644 index 00000000000..1a4163240c8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7559.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7559", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7560.json b/2020/7xxx/CVE-2020-7560.json new file mode 100644 index 00000000000..5ebbaefb2ce --- /dev/null +++ b/2020/7xxx/CVE-2020-7560.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7560", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7561.json b/2020/7xxx/CVE-2020-7561.json new file mode 100644 index 00000000000..966e4f95741 --- /dev/null +++ b/2020/7xxx/CVE-2020-7561.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7561", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7562.json b/2020/7xxx/CVE-2020-7562.json new file mode 100644 index 00000000000..54f8623868a --- /dev/null +++ b/2020/7xxx/CVE-2020-7562.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7562", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7563.json b/2020/7xxx/CVE-2020-7563.json new file mode 100644 index 00000000000..aee90dbb032 --- /dev/null +++ b/2020/7xxx/CVE-2020-7563.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7563", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7564.json b/2020/7xxx/CVE-2020-7564.json new file mode 100644 index 00000000000..5859b22334b --- /dev/null +++ b/2020/7xxx/CVE-2020-7564.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7564", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7565.json b/2020/7xxx/CVE-2020-7565.json new file mode 100644 index 00000000000..5341688ee28 --- /dev/null +++ b/2020/7xxx/CVE-2020-7565.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7565", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7566.json b/2020/7xxx/CVE-2020-7566.json new file mode 100644 index 00000000000..5c264490824 --- /dev/null +++ b/2020/7xxx/CVE-2020-7566.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7566", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7567.json b/2020/7xxx/CVE-2020-7567.json new file mode 100644 index 00000000000..273fb6f7856 --- /dev/null +++ b/2020/7xxx/CVE-2020-7567.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7567", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7568.json b/2020/7xxx/CVE-2020-7568.json new file mode 100644 index 00000000000..f8293dbe395 --- /dev/null +++ b/2020/7xxx/CVE-2020-7568.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7568", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7569.json b/2020/7xxx/CVE-2020-7569.json new file mode 100644 index 00000000000..766cbf45b0a --- /dev/null +++ b/2020/7xxx/CVE-2020-7569.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7569", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7570.json b/2020/7xxx/CVE-2020-7570.json new file mode 100644 index 00000000000..c448994f778 --- /dev/null +++ b/2020/7xxx/CVE-2020-7570.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7570", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7571.json b/2020/7xxx/CVE-2020-7571.json new file mode 100644 index 00000000000..5e39f5cdd62 --- /dev/null +++ b/2020/7xxx/CVE-2020-7571.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7571", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7572.json b/2020/7xxx/CVE-2020-7572.json new file mode 100644 index 00000000000..49011d2aa29 --- /dev/null +++ b/2020/7xxx/CVE-2020-7572.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7572", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7573.json b/2020/7xxx/CVE-2020-7573.json new file mode 100644 index 00000000000..6e26790d9f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7573.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7573", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7574.json b/2020/7xxx/CVE-2020-7574.json new file mode 100644 index 00000000000..9617ceca538 --- /dev/null +++ b/2020/7xxx/CVE-2020-7574.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7574", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7575.json b/2020/7xxx/CVE-2020-7575.json new file mode 100644 index 00000000000..9789618d7e1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7575.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7575", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7576.json b/2020/7xxx/CVE-2020-7576.json new file mode 100644 index 00000000000..df1e02501b3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7576.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7576", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7577.json b/2020/7xxx/CVE-2020-7577.json new file mode 100644 index 00000000000..f02dcc34325 --- /dev/null +++ b/2020/7xxx/CVE-2020-7577.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7577", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7578.json b/2020/7xxx/CVE-2020-7578.json new file mode 100644 index 00000000000..3e7e9905353 --- /dev/null +++ b/2020/7xxx/CVE-2020-7578.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7578", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7579.json b/2020/7xxx/CVE-2020-7579.json new file mode 100644 index 00000000000..c4da3bf00ba --- /dev/null +++ b/2020/7xxx/CVE-2020-7579.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7579", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7580.json b/2020/7xxx/CVE-2020-7580.json new file mode 100644 index 00000000000..aa33881e912 --- /dev/null +++ b/2020/7xxx/CVE-2020-7580.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7580", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7581.json b/2020/7xxx/CVE-2020-7581.json new file mode 100644 index 00000000000..e697aac529d --- /dev/null +++ b/2020/7xxx/CVE-2020-7581.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7581", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7582.json b/2020/7xxx/CVE-2020-7582.json new file mode 100644 index 00000000000..181657d7f08 --- /dev/null +++ b/2020/7xxx/CVE-2020-7582.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7582", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7583.json b/2020/7xxx/CVE-2020-7583.json new file mode 100644 index 00000000000..3fff0b8bcec --- /dev/null +++ b/2020/7xxx/CVE-2020-7583.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7583", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7584.json b/2020/7xxx/CVE-2020-7584.json new file mode 100644 index 00000000000..13433bb8f19 --- /dev/null +++ b/2020/7xxx/CVE-2020-7584.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7584", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7585.json b/2020/7xxx/CVE-2020-7585.json new file mode 100644 index 00000000000..5ae78511a91 --- /dev/null +++ b/2020/7xxx/CVE-2020-7585.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7585", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7586.json b/2020/7xxx/CVE-2020-7586.json new file mode 100644 index 00000000000..1a7a1e6ea09 --- /dev/null +++ b/2020/7xxx/CVE-2020-7586.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7586", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7587.json b/2020/7xxx/CVE-2020-7587.json new file mode 100644 index 00000000000..b6ca3460de5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7587.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7587", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7588.json b/2020/7xxx/CVE-2020-7588.json new file mode 100644 index 00000000000..3f598063479 --- /dev/null +++ b/2020/7xxx/CVE-2020-7588.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7588", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7589.json b/2020/7xxx/CVE-2020-7589.json new file mode 100644 index 00000000000..cd7072236fb --- /dev/null +++ b/2020/7xxx/CVE-2020-7589.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7589", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7590.json b/2020/7xxx/CVE-2020-7590.json new file mode 100644 index 00000000000..991da1c866c --- /dev/null +++ b/2020/7xxx/CVE-2020-7590.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7590", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7591.json b/2020/7xxx/CVE-2020-7591.json new file mode 100644 index 00000000000..b9928279b1f --- /dev/null +++ b/2020/7xxx/CVE-2020-7591.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7591", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7592.json b/2020/7xxx/CVE-2020-7592.json new file mode 100644 index 00000000000..903eb840a8b --- /dev/null +++ b/2020/7xxx/CVE-2020-7592.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7592", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7593.json b/2020/7xxx/CVE-2020-7593.json new file mode 100644 index 00000000000..eafead8f866 --- /dev/null +++ b/2020/7xxx/CVE-2020-7593.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7593", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7594.json b/2020/7xxx/CVE-2020-7594.json new file mode 100644 index 00000000000..5e6d35bb321 --- /dev/null +++ b/2020/7xxx/CVE-2020-7594.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/multitech-authenticated-remote-code.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/multitech-authenticated-remote-code.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7595.json b/2020/7xxx/CVE-2020-7595.json new file mode 100644 index 00000000000..e6f727a946e --- /dev/null +++ b/2020/7xxx/CVE-2020-7595.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076", + "refsource": "MISC", + "name": "https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c89076" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7596.json b/2020/7xxx/CVE-2020-7596.json new file mode 100644 index 00000000000..45951919da0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7596.json @@ -0,0 +1,62 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7596", + "ASSIGNER": "report@snyk.io", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "codecov npm module", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 3.6.2" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://snyk.io/vuln/SNYK-JS-CODECOV-543183", + "url": "https://snyk.io/vuln/SNYK-JS-CODECOV-543183" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the \"gcov-args\" argument." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7597.json b/2020/7xxx/CVE-2020-7597.json new file mode 100644 index 00000000000..39ccaaa1223 --- /dev/null +++ b/2020/7xxx/CVE-2020-7597.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7597", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7598.json b/2020/7xxx/CVE-2020-7598.json new file mode 100644 index 00000000000..2881e004a15 --- /dev/null +++ b/2020/7xxx/CVE-2020-7598.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7598", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7599.json b/2020/7xxx/CVE-2020-7599.json new file mode 100644 index 00000000000..a9ae95aa811 --- /dev/null +++ b/2020/7xxx/CVE-2020-7599.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7599", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7600.json b/2020/7xxx/CVE-2020-7600.json new file mode 100644 index 00000000000..a8755e59d6a --- /dev/null +++ b/2020/7xxx/CVE-2020-7600.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7601.json b/2020/7xxx/CVE-2020-7601.json new file mode 100644 index 00000000000..d8d032dd103 --- /dev/null +++ b/2020/7xxx/CVE-2020-7601.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7601", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7602.json b/2020/7xxx/CVE-2020-7602.json new file mode 100644 index 00000000000..69a41374107 --- /dev/null +++ b/2020/7xxx/CVE-2020-7602.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7602", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7603.json b/2020/7xxx/CVE-2020-7603.json new file mode 100644 index 00000000000..c7d17b1185a --- /dev/null +++ b/2020/7xxx/CVE-2020-7603.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7603", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7604.json b/2020/7xxx/CVE-2020-7604.json new file mode 100644 index 00000000000..b33e66c1735 --- /dev/null +++ b/2020/7xxx/CVE-2020-7604.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7604", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7605.json b/2020/7xxx/CVE-2020-7605.json new file mode 100644 index 00000000000..48993f9a525 --- /dev/null +++ b/2020/7xxx/CVE-2020-7605.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7605", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7606.json b/2020/7xxx/CVE-2020-7606.json new file mode 100644 index 00000000000..e2fe5d563af --- /dev/null +++ b/2020/7xxx/CVE-2020-7606.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7606", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7607.json b/2020/7xxx/CVE-2020-7607.json new file mode 100644 index 00000000000..994206ad2d3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7607.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7607", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7608.json b/2020/7xxx/CVE-2020-7608.json new file mode 100644 index 00000000000..fc77fd151d1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7608.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7608", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7609.json b/2020/7xxx/CVE-2020-7609.json new file mode 100644 index 00000000000..8bd4bea1656 --- /dev/null +++ b/2020/7xxx/CVE-2020-7609.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7609", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7610.json b/2020/7xxx/CVE-2020-7610.json new file mode 100644 index 00000000000..fda87e05c98 --- /dev/null +++ b/2020/7xxx/CVE-2020-7610.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7610", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7611.json b/2020/7xxx/CVE-2020-7611.json new file mode 100644 index 00000000000..59c209ba5c7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7611.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7611", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7612.json b/2020/7xxx/CVE-2020-7612.json new file mode 100644 index 00000000000..d171f6217df --- /dev/null +++ b/2020/7xxx/CVE-2020-7612.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7612", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7613.json b/2020/7xxx/CVE-2020-7613.json new file mode 100644 index 00000000000..10e11db7892 --- /dev/null +++ b/2020/7xxx/CVE-2020-7613.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7613", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7614.json b/2020/7xxx/CVE-2020-7614.json new file mode 100644 index 00000000000..e3e54605ac5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7614.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7614", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7615.json b/2020/7xxx/CVE-2020-7615.json new file mode 100644 index 00000000000..bab4e82825a --- /dev/null +++ b/2020/7xxx/CVE-2020-7615.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7615", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7616.json b/2020/7xxx/CVE-2020-7616.json new file mode 100644 index 00000000000..f2f4be724b2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7616.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7616", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7617.json b/2020/7xxx/CVE-2020-7617.json new file mode 100644 index 00000000000..950045b5cc7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7617.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7617", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7618.json b/2020/7xxx/CVE-2020-7618.json new file mode 100644 index 00000000000..c497c11583b --- /dev/null +++ b/2020/7xxx/CVE-2020-7618.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7618", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7619.json b/2020/7xxx/CVE-2020-7619.json new file mode 100644 index 00000000000..960890ff550 --- /dev/null +++ b/2020/7xxx/CVE-2020-7619.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7619", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7620.json b/2020/7xxx/CVE-2020-7620.json new file mode 100644 index 00000000000..43e84d185b6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7620.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7620", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7621.json b/2020/7xxx/CVE-2020-7621.json new file mode 100644 index 00000000000..7ccbfca0ed1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7621.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7621", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7622.json b/2020/7xxx/CVE-2020-7622.json new file mode 100644 index 00000000000..a8932f5768a --- /dev/null +++ b/2020/7xxx/CVE-2020-7622.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7622", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7623.json b/2020/7xxx/CVE-2020-7623.json new file mode 100644 index 00000000000..9e35bde3fda --- /dev/null +++ b/2020/7xxx/CVE-2020-7623.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7623", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7624.json b/2020/7xxx/CVE-2020-7624.json new file mode 100644 index 00000000000..0da85903f01 --- /dev/null +++ b/2020/7xxx/CVE-2020-7624.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7624", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7625.json b/2020/7xxx/CVE-2020-7625.json new file mode 100644 index 00000000000..b6055a2dbe4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7625.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7625", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7626.json b/2020/7xxx/CVE-2020-7626.json new file mode 100644 index 00000000000..c4c7635e010 --- /dev/null +++ b/2020/7xxx/CVE-2020-7626.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7626", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7627.json b/2020/7xxx/CVE-2020-7627.json new file mode 100644 index 00000000000..d26556c2556 --- /dev/null +++ b/2020/7xxx/CVE-2020-7627.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7627", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7628.json b/2020/7xxx/CVE-2020-7628.json new file mode 100644 index 00000000000..652dc74bfcb --- /dev/null +++ b/2020/7xxx/CVE-2020-7628.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7629.json b/2020/7xxx/CVE-2020-7629.json new file mode 100644 index 00000000000..cbb81daa48d --- /dev/null +++ b/2020/7xxx/CVE-2020-7629.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7629", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7630.json b/2020/7xxx/CVE-2020-7630.json new file mode 100644 index 00000000000..0e658651e26 --- /dev/null +++ b/2020/7xxx/CVE-2020-7630.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7630", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7631.json b/2020/7xxx/CVE-2020-7631.json new file mode 100644 index 00000000000..461dda14e8c --- /dev/null +++ b/2020/7xxx/CVE-2020-7631.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7631", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7632.json b/2020/7xxx/CVE-2020-7632.json new file mode 100644 index 00000000000..650681659a8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7632.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7632", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7633.json b/2020/7xxx/CVE-2020-7633.json new file mode 100644 index 00000000000..729df92af2a --- /dev/null +++ b/2020/7xxx/CVE-2020-7633.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7633", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7634.json b/2020/7xxx/CVE-2020-7634.json new file mode 100644 index 00000000000..782e76b73ee --- /dev/null +++ b/2020/7xxx/CVE-2020-7634.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7634", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7635.json b/2020/7xxx/CVE-2020-7635.json new file mode 100644 index 00000000000..c94af26df18 --- /dev/null +++ b/2020/7xxx/CVE-2020-7635.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7635", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7636.json b/2020/7xxx/CVE-2020-7636.json new file mode 100644 index 00000000000..fe105b783cd --- /dev/null +++ b/2020/7xxx/CVE-2020-7636.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7636", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7637.json b/2020/7xxx/CVE-2020-7637.json new file mode 100644 index 00000000000..15a75d72660 --- /dev/null +++ b/2020/7xxx/CVE-2020-7637.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7637", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7638.json b/2020/7xxx/CVE-2020-7638.json new file mode 100644 index 00000000000..8c9f848422e --- /dev/null +++ b/2020/7xxx/CVE-2020-7638.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7638", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7639.json b/2020/7xxx/CVE-2020-7639.json new file mode 100644 index 00000000000..637ba95d1eb --- /dev/null +++ b/2020/7xxx/CVE-2020-7639.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7639", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7640.json b/2020/7xxx/CVE-2020-7640.json new file mode 100644 index 00000000000..a32dfd19e7e --- /dev/null +++ b/2020/7xxx/CVE-2020-7640.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7640", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7641.json b/2020/7xxx/CVE-2020-7641.json new file mode 100644 index 00000000000..328b2005141 --- /dev/null +++ b/2020/7xxx/CVE-2020-7641.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7641", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7642.json b/2020/7xxx/CVE-2020-7642.json new file mode 100644 index 00000000000..7b5fada09db --- /dev/null +++ b/2020/7xxx/CVE-2020-7642.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7642", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7643.json b/2020/7xxx/CVE-2020-7643.json new file mode 100644 index 00000000000..96e544fbef7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7643.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7643", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7644.json b/2020/7xxx/CVE-2020-7644.json new file mode 100644 index 00000000000..f6e15b9a980 --- /dev/null +++ b/2020/7xxx/CVE-2020-7644.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7644", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7645.json b/2020/7xxx/CVE-2020-7645.json new file mode 100644 index 00000000000..5f7fa0e2159 --- /dev/null +++ b/2020/7xxx/CVE-2020-7645.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7645", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7646.json b/2020/7xxx/CVE-2020-7646.json new file mode 100644 index 00000000000..54d2c88532c --- /dev/null +++ b/2020/7xxx/CVE-2020-7646.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7646", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7647.json b/2020/7xxx/CVE-2020-7647.json new file mode 100644 index 00000000000..1e639da5b9b --- /dev/null +++ b/2020/7xxx/CVE-2020-7647.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7647", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7648.json b/2020/7xxx/CVE-2020-7648.json new file mode 100644 index 00000000000..8f32efe1fef --- /dev/null +++ b/2020/7xxx/CVE-2020-7648.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7648", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7649.json b/2020/7xxx/CVE-2020-7649.json new file mode 100644 index 00000000000..1973f9ea5cb --- /dev/null +++ b/2020/7xxx/CVE-2020-7649.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7649", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7650.json b/2020/7xxx/CVE-2020-7650.json new file mode 100644 index 00000000000..deb62e0ccc2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7650.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7650", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7651.json b/2020/7xxx/CVE-2020-7651.json new file mode 100644 index 00000000000..2c90da93917 --- /dev/null +++ b/2020/7xxx/CVE-2020-7651.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7651", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7652.json b/2020/7xxx/CVE-2020-7652.json new file mode 100644 index 00000000000..fd8ff7540e0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7652.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7652", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7653.json b/2020/7xxx/CVE-2020-7653.json new file mode 100644 index 00000000000..2ead0144801 --- /dev/null +++ b/2020/7xxx/CVE-2020-7653.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7653", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7654.json b/2020/7xxx/CVE-2020-7654.json new file mode 100644 index 00000000000..63eed26484b --- /dev/null +++ b/2020/7xxx/CVE-2020-7654.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7654", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7655.json b/2020/7xxx/CVE-2020-7655.json new file mode 100644 index 00000000000..4b0c714bbc5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7655.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7655", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7656.json b/2020/7xxx/CVE-2020-7656.json new file mode 100644 index 00000000000..87bbc3a16f6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7656.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7656", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7657.json b/2020/7xxx/CVE-2020-7657.json new file mode 100644 index 00000000000..f3e364cb918 --- /dev/null +++ b/2020/7xxx/CVE-2020-7657.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7657", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7658.json b/2020/7xxx/CVE-2020-7658.json new file mode 100644 index 00000000000..8d5f1a0490d --- /dev/null +++ b/2020/7xxx/CVE-2020-7658.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7658", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7659.json b/2020/7xxx/CVE-2020-7659.json new file mode 100644 index 00000000000..763b8150c83 --- /dev/null +++ b/2020/7xxx/CVE-2020-7659.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7659", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7660.json b/2020/7xxx/CVE-2020-7660.json new file mode 100644 index 00000000000..a68c17f51d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7660.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7660", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7661.json b/2020/7xxx/CVE-2020-7661.json new file mode 100644 index 00000000000..f5019eda0af --- /dev/null +++ b/2020/7xxx/CVE-2020-7661.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7661", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7662.json b/2020/7xxx/CVE-2020-7662.json new file mode 100644 index 00000000000..3f2151e9138 --- /dev/null +++ b/2020/7xxx/CVE-2020-7662.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7662", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7663.json b/2020/7xxx/CVE-2020-7663.json new file mode 100644 index 00000000000..bbe447d6f82 --- /dev/null +++ b/2020/7xxx/CVE-2020-7663.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7663", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7664.json b/2020/7xxx/CVE-2020-7664.json new file mode 100644 index 00000000000..a2297822b43 --- /dev/null +++ b/2020/7xxx/CVE-2020-7664.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7664", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7665.json b/2020/7xxx/CVE-2020-7665.json new file mode 100644 index 00000000000..2914e6c13d7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7665.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7665", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7666.json b/2020/7xxx/CVE-2020-7666.json new file mode 100644 index 00000000000..84b30b093a6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7666.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7666", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7667.json b/2020/7xxx/CVE-2020-7667.json new file mode 100644 index 00000000000..5b2d610bfac --- /dev/null +++ b/2020/7xxx/CVE-2020-7667.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7667", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7668.json b/2020/7xxx/CVE-2020-7668.json new file mode 100644 index 00000000000..20b62f252bc --- /dev/null +++ b/2020/7xxx/CVE-2020-7668.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7668", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7669.json b/2020/7xxx/CVE-2020-7669.json new file mode 100644 index 00000000000..2b4fa80c321 --- /dev/null +++ b/2020/7xxx/CVE-2020-7669.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7669", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7670.json b/2020/7xxx/CVE-2020-7670.json new file mode 100644 index 00000000000..c14171ba67a --- /dev/null +++ b/2020/7xxx/CVE-2020-7670.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7670", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7671.json b/2020/7xxx/CVE-2020-7671.json new file mode 100644 index 00000000000..f217b5851ef --- /dev/null +++ b/2020/7xxx/CVE-2020-7671.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7671", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7672.json b/2020/7xxx/CVE-2020-7672.json new file mode 100644 index 00000000000..9b92463e43c --- /dev/null +++ b/2020/7xxx/CVE-2020-7672.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7672", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7673.json b/2020/7xxx/CVE-2020-7673.json new file mode 100644 index 00000000000..ddc6f185b6d --- /dev/null +++ b/2020/7xxx/CVE-2020-7673.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7673", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7674.json b/2020/7xxx/CVE-2020-7674.json new file mode 100644 index 00000000000..65f64f0f836 --- /dev/null +++ b/2020/7xxx/CVE-2020-7674.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7674", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7675.json b/2020/7xxx/CVE-2020-7675.json new file mode 100644 index 00000000000..17dc76bfdba --- /dev/null +++ b/2020/7xxx/CVE-2020-7675.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7675", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7676.json b/2020/7xxx/CVE-2020-7676.json new file mode 100644 index 00000000000..a4aa07f5767 --- /dev/null +++ b/2020/7xxx/CVE-2020-7676.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7676", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7677.json b/2020/7xxx/CVE-2020-7677.json new file mode 100644 index 00000000000..69d16bbef7b --- /dev/null +++ b/2020/7xxx/CVE-2020-7677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7678.json b/2020/7xxx/CVE-2020-7678.json new file mode 100644 index 00000000000..0d8ec4ccada --- /dev/null +++ b/2020/7xxx/CVE-2020-7678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7679.json b/2020/7xxx/CVE-2020-7679.json new file mode 100644 index 00000000000..46984701ed8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7679.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7679", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7680.json b/2020/7xxx/CVE-2020-7680.json new file mode 100644 index 00000000000..a67fb797b1f --- /dev/null +++ b/2020/7xxx/CVE-2020-7680.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7680", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7681.json b/2020/7xxx/CVE-2020-7681.json new file mode 100644 index 00000000000..fe85bdbdfce --- /dev/null +++ b/2020/7xxx/CVE-2020-7681.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7681", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7682.json b/2020/7xxx/CVE-2020-7682.json new file mode 100644 index 00000000000..aaea00735b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7682.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7682", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7683.json b/2020/7xxx/CVE-2020-7683.json new file mode 100644 index 00000000000..cc09f065236 --- /dev/null +++ b/2020/7xxx/CVE-2020-7683.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7683", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7684.json b/2020/7xxx/CVE-2020-7684.json new file mode 100644 index 00000000000..62d16fd43f2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7684.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7684", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7685.json b/2020/7xxx/CVE-2020-7685.json new file mode 100644 index 00000000000..3cebf62ee82 --- /dev/null +++ b/2020/7xxx/CVE-2020-7685.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7685", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7686.json b/2020/7xxx/CVE-2020-7686.json new file mode 100644 index 00000000000..ed060756093 --- /dev/null +++ b/2020/7xxx/CVE-2020-7686.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7686", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7687.json b/2020/7xxx/CVE-2020-7687.json new file mode 100644 index 00000000000..935c66cb402 --- /dev/null +++ b/2020/7xxx/CVE-2020-7687.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7687", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7688.json b/2020/7xxx/CVE-2020-7688.json new file mode 100644 index 00000000000..3bf32cfc450 --- /dev/null +++ b/2020/7xxx/CVE-2020-7688.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7688", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7689.json b/2020/7xxx/CVE-2020-7689.json new file mode 100644 index 00000000000..1186195eeee --- /dev/null +++ b/2020/7xxx/CVE-2020-7689.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7689", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7690.json b/2020/7xxx/CVE-2020-7690.json new file mode 100644 index 00000000000..240e5030b30 --- /dev/null +++ b/2020/7xxx/CVE-2020-7690.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7690", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7691.json b/2020/7xxx/CVE-2020-7691.json new file mode 100644 index 00000000000..ab987aeaddf --- /dev/null +++ b/2020/7xxx/CVE-2020-7691.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7691", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7692.json b/2020/7xxx/CVE-2020-7692.json new file mode 100644 index 00000000000..c44036b1ccb --- /dev/null +++ b/2020/7xxx/CVE-2020-7692.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7692", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7693.json b/2020/7xxx/CVE-2020-7693.json new file mode 100644 index 00000000000..1db1ec58a40 --- /dev/null +++ b/2020/7xxx/CVE-2020-7693.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7693", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7694.json b/2020/7xxx/CVE-2020-7694.json new file mode 100644 index 00000000000..9dd67c51bb6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7694.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7694", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7695.json b/2020/7xxx/CVE-2020-7695.json new file mode 100644 index 00000000000..a847e5580db --- /dev/null +++ b/2020/7xxx/CVE-2020-7695.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7695", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7696.json b/2020/7xxx/CVE-2020-7696.json new file mode 100644 index 00000000000..5236bcecfeb --- /dev/null +++ b/2020/7xxx/CVE-2020-7696.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7696", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7697.json b/2020/7xxx/CVE-2020-7697.json new file mode 100644 index 00000000000..5f8406c3a5a --- /dev/null +++ b/2020/7xxx/CVE-2020-7697.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7697", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7698.json b/2020/7xxx/CVE-2020-7698.json new file mode 100644 index 00000000000..8da32032142 --- /dev/null +++ b/2020/7xxx/CVE-2020-7698.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7698", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7699.json b/2020/7xxx/CVE-2020-7699.json new file mode 100644 index 00000000000..7f6ac8a8913 --- /dev/null +++ b/2020/7xxx/CVE-2020-7699.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7699", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7700.json b/2020/7xxx/CVE-2020-7700.json new file mode 100644 index 00000000000..771ba36e47e --- /dev/null +++ b/2020/7xxx/CVE-2020-7700.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7700", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7701.json b/2020/7xxx/CVE-2020-7701.json new file mode 100644 index 00000000000..579fff4c8e3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7701.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7701", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7702.json b/2020/7xxx/CVE-2020-7702.json new file mode 100644 index 00000000000..ac22089dfc9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7702.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7702", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7703.json b/2020/7xxx/CVE-2020-7703.json new file mode 100644 index 00000000000..2b8c2a1d8a1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7703.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7703", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7704.json b/2020/7xxx/CVE-2020-7704.json new file mode 100644 index 00000000000..d7623d6376e --- /dev/null +++ b/2020/7xxx/CVE-2020-7704.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7704", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7705.json b/2020/7xxx/CVE-2020-7705.json new file mode 100644 index 00000000000..55955e7bdc3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7705.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7705", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7706.json b/2020/7xxx/CVE-2020-7706.json new file mode 100644 index 00000000000..01b9ac4b2da --- /dev/null +++ b/2020/7xxx/CVE-2020-7706.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7706", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7707.json b/2020/7xxx/CVE-2020-7707.json new file mode 100644 index 00000000000..17dc3c6e35a --- /dev/null +++ b/2020/7xxx/CVE-2020-7707.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7707", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7708.json b/2020/7xxx/CVE-2020-7708.json new file mode 100644 index 00000000000..47997852ad0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7708.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7708", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7709.json b/2020/7xxx/CVE-2020-7709.json new file mode 100644 index 00000000000..fa2c4f2a11f --- /dev/null +++ b/2020/7xxx/CVE-2020-7709.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7709", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7710.json b/2020/7xxx/CVE-2020-7710.json new file mode 100644 index 00000000000..f0f9072f367 --- /dev/null +++ b/2020/7xxx/CVE-2020-7710.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7710", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7711.json b/2020/7xxx/CVE-2020-7711.json new file mode 100644 index 00000000000..b5f75f43564 --- /dev/null +++ b/2020/7xxx/CVE-2020-7711.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7711", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7712.json b/2020/7xxx/CVE-2020-7712.json new file mode 100644 index 00000000000..e9308102f0b --- /dev/null +++ b/2020/7xxx/CVE-2020-7712.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7712", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7713.json b/2020/7xxx/CVE-2020-7713.json new file mode 100644 index 00000000000..d1b08b09d46 --- /dev/null +++ b/2020/7xxx/CVE-2020-7713.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7713", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7714.json b/2020/7xxx/CVE-2020-7714.json new file mode 100644 index 00000000000..f39c38ffa8c --- /dev/null +++ b/2020/7xxx/CVE-2020-7714.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7714", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7715.json b/2020/7xxx/CVE-2020-7715.json new file mode 100644 index 00000000000..aec459928da --- /dev/null +++ b/2020/7xxx/CVE-2020-7715.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7715", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7716.json b/2020/7xxx/CVE-2020-7716.json new file mode 100644 index 00000000000..e42b11e21cc --- /dev/null +++ b/2020/7xxx/CVE-2020-7716.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7716", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7717.json b/2020/7xxx/CVE-2020-7717.json new file mode 100644 index 00000000000..3d6951233e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7717.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7717", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7718.json b/2020/7xxx/CVE-2020-7718.json new file mode 100644 index 00000000000..68ba4d05492 --- /dev/null +++ b/2020/7xxx/CVE-2020-7718.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7718", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7719.json b/2020/7xxx/CVE-2020-7719.json new file mode 100644 index 00000000000..5c6e6bde538 --- /dev/null +++ b/2020/7xxx/CVE-2020-7719.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7719", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7720.json b/2020/7xxx/CVE-2020-7720.json new file mode 100644 index 00000000000..d91d680f0b4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7720.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7720", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7721.json b/2020/7xxx/CVE-2020-7721.json new file mode 100644 index 00000000000..d7da1327e8a --- /dev/null +++ b/2020/7xxx/CVE-2020-7721.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7722.json b/2020/7xxx/CVE-2020-7722.json new file mode 100644 index 00000000000..fd8ec2cee75 --- /dev/null +++ b/2020/7xxx/CVE-2020-7722.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7722", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7723.json b/2020/7xxx/CVE-2020-7723.json new file mode 100644 index 00000000000..5b99dd0fcdf --- /dev/null +++ b/2020/7xxx/CVE-2020-7723.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7723", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7724.json b/2020/7xxx/CVE-2020-7724.json new file mode 100644 index 00000000000..37a6bcfa314 --- /dev/null +++ b/2020/7xxx/CVE-2020-7724.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7724", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7725.json b/2020/7xxx/CVE-2020-7725.json new file mode 100644 index 00000000000..89aa21055d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7725.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7725", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7726.json b/2020/7xxx/CVE-2020-7726.json new file mode 100644 index 00000000000..fb4086115d8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7726.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7726", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7727.json b/2020/7xxx/CVE-2020-7727.json new file mode 100644 index 00000000000..46c568ee1a8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7727.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7727", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7728.json b/2020/7xxx/CVE-2020-7728.json new file mode 100644 index 00000000000..e818947974d --- /dev/null +++ b/2020/7xxx/CVE-2020-7728.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7728", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7729.json b/2020/7xxx/CVE-2020-7729.json new file mode 100644 index 00000000000..ff544be7fe3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7729.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7729", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7730.json b/2020/7xxx/CVE-2020-7730.json new file mode 100644 index 00000000000..c10efe6b1cc --- /dev/null +++ b/2020/7xxx/CVE-2020-7730.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7730", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7731.json b/2020/7xxx/CVE-2020-7731.json new file mode 100644 index 00000000000..d8ed896f488 --- /dev/null +++ b/2020/7xxx/CVE-2020-7731.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7731", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7732.json b/2020/7xxx/CVE-2020-7732.json new file mode 100644 index 00000000000..dc195c318da --- /dev/null +++ b/2020/7xxx/CVE-2020-7732.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7732", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7733.json b/2020/7xxx/CVE-2020-7733.json new file mode 100644 index 00000000000..f0129fbb680 --- /dev/null +++ b/2020/7xxx/CVE-2020-7733.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7733", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7734.json b/2020/7xxx/CVE-2020-7734.json new file mode 100644 index 00000000000..6ced024ae57 --- /dev/null +++ b/2020/7xxx/CVE-2020-7734.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7734", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7735.json b/2020/7xxx/CVE-2020-7735.json new file mode 100644 index 00000000000..39b436e2163 --- /dev/null +++ b/2020/7xxx/CVE-2020-7735.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7735", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7736.json b/2020/7xxx/CVE-2020-7736.json new file mode 100644 index 00000000000..977c8326623 --- /dev/null +++ b/2020/7xxx/CVE-2020-7736.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7736", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7737.json b/2020/7xxx/CVE-2020-7737.json new file mode 100644 index 00000000000..7fc6a2eb957 --- /dev/null +++ b/2020/7xxx/CVE-2020-7737.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7737", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7738.json b/2020/7xxx/CVE-2020-7738.json new file mode 100644 index 00000000000..dbc1a584455 --- /dev/null +++ b/2020/7xxx/CVE-2020-7738.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7738", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7739.json b/2020/7xxx/CVE-2020-7739.json new file mode 100644 index 00000000000..9e07e4d9c83 --- /dev/null +++ b/2020/7xxx/CVE-2020-7739.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7739", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7740.json b/2020/7xxx/CVE-2020-7740.json new file mode 100644 index 00000000000..41762edf2ea --- /dev/null +++ b/2020/7xxx/CVE-2020-7740.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7740", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7741.json b/2020/7xxx/CVE-2020-7741.json new file mode 100644 index 00000000000..0ad2ffe6950 --- /dev/null +++ b/2020/7xxx/CVE-2020-7741.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7741", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7742.json b/2020/7xxx/CVE-2020-7742.json new file mode 100644 index 00000000000..7efcd18ade5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7742.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7742", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7743.json b/2020/7xxx/CVE-2020-7743.json new file mode 100644 index 00000000000..9310fe56daf --- /dev/null +++ b/2020/7xxx/CVE-2020-7743.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7743", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7744.json b/2020/7xxx/CVE-2020-7744.json new file mode 100644 index 00000000000..43eb2cbaf8a --- /dev/null +++ b/2020/7xxx/CVE-2020-7744.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7744", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7745.json b/2020/7xxx/CVE-2020-7745.json new file mode 100644 index 00000000000..5a9b313818d --- /dev/null +++ b/2020/7xxx/CVE-2020-7745.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7745", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7746.json b/2020/7xxx/CVE-2020-7746.json new file mode 100644 index 00000000000..3e184d4d153 --- /dev/null +++ b/2020/7xxx/CVE-2020-7746.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7746", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7747.json b/2020/7xxx/CVE-2020-7747.json new file mode 100644 index 00000000000..90ca93a8ed1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7747.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7747", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7748.json b/2020/7xxx/CVE-2020-7748.json new file mode 100644 index 00000000000..206f749c8e9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7748.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7748", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7749.json b/2020/7xxx/CVE-2020-7749.json new file mode 100644 index 00000000000..0a7144a909e --- /dev/null +++ b/2020/7xxx/CVE-2020-7749.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7749", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7750.json b/2020/7xxx/CVE-2020-7750.json new file mode 100644 index 00000000000..8a13dec5a05 --- /dev/null +++ b/2020/7xxx/CVE-2020-7750.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7750", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7751.json b/2020/7xxx/CVE-2020-7751.json new file mode 100644 index 00000000000..d440c28546b --- /dev/null +++ b/2020/7xxx/CVE-2020-7751.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7751", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7752.json b/2020/7xxx/CVE-2020-7752.json new file mode 100644 index 00000000000..54cf0eef8fa --- /dev/null +++ b/2020/7xxx/CVE-2020-7752.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7752", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7753.json b/2020/7xxx/CVE-2020-7753.json new file mode 100644 index 00000000000..df50a63a867 --- /dev/null +++ b/2020/7xxx/CVE-2020-7753.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7753", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7754.json b/2020/7xxx/CVE-2020-7754.json new file mode 100644 index 00000000000..718f5e9e716 --- /dev/null +++ b/2020/7xxx/CVE-2020-7754.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7754", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7755.json b/2020/7xxx/CVE-2020-7755.json new file mode 100644 index 00000000000..b612c6f0f5b --- /dev/null +++ b/2020/7xxx/CVE-2020-7755.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7755", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7756.json b/2020/7xxx/CVE-2020-7756.json new file mode 100644 index 00000000000..fb1544e2042 --- /dev/null +++ b/2020/7xxx/CVE-2020-7756.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7756", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7757.json b/2020/7xxx/CVE-2020-7757.json new file mode 100644 index 00000000000..c1307fe2223 --- /dev/null +++ b/2020/7xxx/CVE-2020-7757.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7757", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7758.json b/2020/7xxx/CVE-2020-7758.json new file mode 100644 index 00000000000..bc89b5f7f6e --- /dev/null +++ b/2020/7xxx/CVE-2020-7758.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7758", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7759.json b/2020/7xxx/CVE-2020-7759.json new file mode 100644 index 00000000000..75fb7e212fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7759.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7759", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7760.json b/2020/7xxx/CVE-2020-7760.json new file mode 100644 index 00000000000..c268c14469b --- /dev/null +++ b/2020/7xxx/CVE-2020-7760.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7760", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7761.json b/2020/7xxx/CVE-2020-7761.json new file mode 100644 index 00000000000..bf4fe8aab38 --- /dev/null +++ b/2020/7xxx/CVE-2020-7761.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7761", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7762.json b/2020/7xxx/CVE-2020-7762.json new file mode 100644 index 00000000000..4c273ad9c05 --- /dev/null +++ b/2020/7xxx/CVE-2020-7762.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7762", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7763.json b/2020/7xxx/CVE-2020-7763.json new file mode 100644 index 00000000000..1924a80890e --- /dev/null +++ b/2020/7xxx/CVE-2020-7763.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7763", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7764.json b/2020/7xxx/CVE-2020-7764.json new file mode 100644 index 00000000000..2b49fcd8907 --- /dev/null +++ b/2020/7xxx/CVE-2020-7764.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7764", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7765.json b/2020/7xxx/CVE-2020-7765.json new file mode 100644 index 00000000000..2d49b40003c --- /dev/null +++ b/2020/7xxx/CVE-2020-7765.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7765", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7766.json b/2020/7xxx/CVE-2020-7766.json new file mode 100644 index 00000000000..32af07570fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7766.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7766", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7767.json b/2020/7xxx/CVE-2020-7767.json new file mode 100644 index 00000000000..efcec1d38a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7768.json b/2020/7xxx/CVE-2020-7768.json new file mode 100644 index 00000000000..f2906c9be0e --- /dev/null +++ b/2020/7xxx/CVE-2020-7768.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7768", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7769.json b/2020/7xxx/CVE-2020-7769.json new file mode 100644 index 00000000000..ab84ebda6e9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7769.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7769", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7770.json b/2020/7xxx/CVE-2020-7770.json new file mode 100644 index 00000000000..fdb6917d014 --- /dev/null +++ b/2020/7xxx/CVE-2020-7770.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7770", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7771.json b/2020/7xxx/CVE-2020-7771.json new file mode 100644 index 00000000000..3e671409dc1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7771.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7771", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7772.json b/2020/7xxx/CVE-2020-7772.json new file mode 100644 index 00000000000..d1b96a5f7ec --- /dev/null +++ b/2020/7xxx/CVE-2020-7772.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7772", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7773.json b/2020/7xxx/CVE-2020-7773.json new file mode 100644 index 00000000000..6677e4331bd --- /dev/null +++ b/2020/7xxx/CVE-2020-7773.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7773", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7774.json b/2020/7xxx/CVE-2020-7774.json new file mode 100644 index 00000000000..e7d0b5cb4b4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7774.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7774", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7775.json b/2020/7xxx/CVE-2020-7775.json new file mode 100644 index 00000000000..60014a30171 --- /dev/null +++ b/2020/7xxx/CVE-2020-7775.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7775", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7776.json b/2020/7xxx/CVE-2020-7776.json new file mode 100644 index 00000000000..298b8f2aa77 --- /dev/null +++ b/2020/7xxx/CVE-2020-7776.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7776", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7777.json b/2020/7xxx/CVE-2020-7777.json new file mode 100644 index 00000000000..c88b1572789 --- /dev/null +++ b/2020/7xxx/CVE-2020-7777.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7777", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7778.json b/2020/7xxx/CVE-2020-7778.json new file mode 100644 index 00000000000..a30af589fcb --- /dev/null +++ b/2020/7xxx/CVE-2020-7778.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7778", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7779.json b/2020/7xxx/CVE-2020-7779.json new file mode 100644 index 00000000000..b6f19e8fbe4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7779.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7779", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7780.json b/2020/7xxx/CVE-2020-7780.json new file mode 100644 index 00000000000..bc5e667ec35 --- /dev/null +++ b/2020/7xxx/CVE-2020-7780.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7780", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7781.json b/2020/7xxx/CVE-2020-7781.json new file mode 100644 index 00000000000..603ccf716e0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7781.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7781", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7782.json b/2020/7xxx/CVE-2020-7782.json new file mode 100644 index 00000000000..f0a218c5fdb --- /dev/null +++ b/2020/7xxx/CVE-2020-7782.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7782", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7783.json b/2020/7xxx/CVE-2020-7783.json new file mode 100644 index 00000000000..5db32dc5e8b --- /dev/null +++ b/2020/7xxx/CVE-2020-7783.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7783", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7784.json b/2020/7xxx/CVE-2020-7784.json new file mode 100644 index 00000000000..c65231c563b --- /dev/null +++ b/2020/7xxx/CVE-2020-7784.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7784", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7785.json b/2020/7xxx/CVE-2020-7785.json new file mode 100644 index 00000000000..26581201228 --- /dev/null +++ b/2020/7xxx/CVE-2020-7785.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7785", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7786.json b/2020/7xxx/CVE-2020-7786.json new file mode 100644 index 00000000000..f20e1ed8166 --- /dev/null +++ b/2020/7xxx/CVE-2020-7786.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7786", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7787.json b/2020/7xxx/CVE-2020-7787.json new file mode 100644 index 00000000000..6c353c5d862 --- /dev/null +++ b/2020/7xxx/CVE-2020-7787.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7787", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7788.json b/2020/7xxx/CVE-2020-7788.json new file mode 100644 index 00000000000..eba5a055bc6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7788.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7788", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7789.json b/2020/7xxx/CVE-2020-7789.json new file mode 100644 index 00000000000..005c01c27cf --- /dev/null +++ b/2020/7xxx/CVE-2020-7789.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7789", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7790.json b/2020/7xxx/CVE-2020-7790.json new file mode 100644 index 00000000000..3bec1ece53d --- /dev/null +++ b/2020/7xxx/CVE-2020-7790.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7790", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7791.json b/2020/7xxx/CVE-2020-7791.json new file mode 100644 index 00000000000..b4a44c7cfbb --- /dev/null +++ b/2020/7xxx/CVE-2020-7791.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7791", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7792.json b/2020/7xxx/CVE-2020-7792.json new file mode 100644 index 00000000000..e564a3caa32 --- /dev/null +++ b/2020/7xxx/CVE-2020-7792.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7792", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7793.json b/2020/7xxx/CVE-2020-7793.json new file mode 100644 index 00000000000..59bae05c4e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7793.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7793", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7794.json b/2020/7xxx/CVE-2020-7794.json new file mode 100644 index 00000000000..d939d90c2f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7794.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7794", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7795.json b/2020/7xxx/CVE-2020-7795.json new file mode 100644 index 00000000000..957ee32f86b --- /dev/null +++ b/2020/7xxx/CVE-2020-7795.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7795", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7796.json b/2020/7xxx/CVE-2020-7796.json new file mode 100644 index 00000000000..5fc935d25c5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7796.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7796", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7797.json b/2020/7xxx/CVE-2020-7797.json new file mode 100644 index 00000000000..fb79061c071 --- /dev/null +++ b/2020/7xxx/CVE-2020-7797.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7797", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7798.json b/2020/7xxx/CVE-2020-7798.json new file mode 100644 index 00000000000..450cdbe1c28 --- /dev/null +++ b/2020/7xxx/CVE-2020-7798.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7798", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7799.json b/2020/7xxx/CVE-2020-7799.json new file mode 100644 index 00000000000..f3d87c7e63b --- /dev/null +++ b/2020/7xxx/CVE-2020-7799.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://fusionauth.io/docs/v1/tech/release-notes", + "refsource": "MISC", + "name": "https://fusionauth.io/docs/v1/tech/release-notes" + }, + { + "refsource": "BUGTRAQ", + "name": "20200127 CVE - CVE-2020-7799 - FusionAuth command execution via Apache Freemarker Template", + "url": "https://seclists.org/bugtraq/2020/Jan/39" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html", + "url": "http://packetstormsecurity.com/files/156102/FusionAuth-1.10-Remote-Command-Execution.html" + }, + { + "refsource": "MISC", + "name": "https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt", + "url": "https://lab.mediaservice.net/advisory/2020-03-fusionauth.txt" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7800.json b/2020/7xxx/CVE-2020-7800.json new file mode 100644 index 00000000000..00ce42da9f0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7800.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7800", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7801.json b/2020/7xxx/CVE-2020-7801.json new file mode 100644 index 00000000000..3a91a64d963 --- /dev/null +++ b/2020/7xxx/CVE-2020-7801.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7801", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7802.json b/2020/7xxx/CVE-2020-7802.json new file mode 100644 index 00000000000..57ad3a87a07 --- /dev/null +++ b/2020/7xxx/CVE-2020-7802.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7802", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7803.json b/2020/7xxx/CVE-2020-7803.json new file mode 100644 index 00000000000..0f8b026c93f --- /dev/null +++ b/2020/7xxx/CVE-2020-7803.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7803", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7804.json b/2020/7xxx/CVE-2020-7804.json new file mode 100644 index 00000000000..da8a1c4859b --- /dev/null +++ b/2020/7xxx/CVE-2020-7804.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7804", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7805.json b/2020/7xxx/CVE-2020-7805.json new file mode 100644 index 00000000000..7e6c2ae130b --- /dev/null +++ b/2020/7xxx/CVE-2020-7805.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7805", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7806.json b/2020/7xxx/CVE-2020-7806.json new file mode 100644 index 00000000000..3db0c62ed3c --- /dev/null +++ b/2020/7xxx/CVE-2020-7806.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7806", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7807.json b/2020/7xxx/CVE-2020-7807.json new file mode 100644 index 00000000000..9abe1f034c1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7807.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7807", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7808.json b/2020/7xxx/CVE-2020-7808.json new file mode 100644 index 00000000000..d666eb95d99 --- /dev/null +++ b/2020/7xxx/CVE-2020-7808.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7808", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7809.json b/2020/7xxx/CVE-2020-7809.json new file mode 100644 index 00000000000..9c39def3e36 --- /dev/null +++ b/2020/7xxx/CVE-2020-7809.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7809", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7810.json b/2020/7xxx/CVE-2020-7810.json new file mode 100644 index 00000000000..8940b894e84 --- /dev/null +++ b/2020/7xxx/CVE-2020-7810.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7810", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7811.json b/2020/7xxx/CVE-2020-7811.json new file mode 100644 index 00000000000..a11db5de1cf --- /dev/null +++ b/2020/7xxx/CVE-2020-7811.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7811", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7812.json b/2020/7xxx/CVE-2020-7812.json new file mode 100644 index 00000000000..095124fbc60 --- /dev/null +++ b/2020/7xxx/CVE-2020-7812.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7812", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7813.json b/2020/7xxx/CVE-2020-7813.json new file mode 100644 index 00000000000..3d4a3e75a54 --- /dev/null +++ b/2020/7xxx/CVE-2020-7813.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7813", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7814.json b/2020/7xxx/CVE-2020-7814.json new file mode 100644 index 00000000000..7d4e1bac08f --- /dev/null +++ b/2020/7xxx/CVE-2020-7814.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7814", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7815.json b/2020/7xxx/CVE-2020-7815.json new file mode 100644 index 00000000000..3f951c7d79f --- /dev/null +++ b/2020/7xxx/CVE-2020-7815.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7815", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7816.json b/2020/7xxx/CVE-2020-7816.json new file mode 100644 index 00000000000..dfdd55bf8ae --- /dev/null +++ b/2020/7xxx/CVE-2020-7816.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7816", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7817.json b/2020/7xxx/CVE-2020-7817.json new file mode 100644 index 00000000000..cdb99f8bfee --- /dev/null +++ b/2020/7xxx/CVE-2020-7817.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7817", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7818.json b/2020/7xxx/CVE-2020-7818.json new file mode 100644 index 00000000000..5c2479d7193 --- /dev/null +++ b/2020/7xxx/CVE-2020-7818.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7818", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7819.json b/2020/7xxx/CVE-2020-7819.json new file mode 100644 index 00000000000..55d9f549339 --- /dev/null +++ b/2020/7xxx/CVE-2020-7819.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7819", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7820.json b/2020/7xxx/CVE-2020-7820.json new file mode 100644 index 00000000000..4cedfee0af8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7820.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7820", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7821.json b/2020/7xxx/CVE-2020-7821.json new file mode 100644 index 00000000000..489c9efa300 --- /dev/null +++ b/2020/7xxx/CVE-2020-7821.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7821", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7822.json b/2020/7xxx/CVE-2020-7822.json new file mode 100644 index 00000000000..b3a022d57a3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7822.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7822", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7823.json b/2020/7xxx/CVE-2020-7823.json new file mode 100644 index 00000000000..9b0ef3760d0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7823.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7823", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7824.json b/2020/7xxx/CVE-2020-7824.json new file mode 100644 index 00000000000..6d8b85b4667 --- /dev/null +++ b/2020/7xxx/CVE-2020-7824.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7824", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7825.json b/2020/7xxx/CVE-2020-7825.json new file mode 100644 index 00000000000..284525fb5fc --- /dev/null +++ b/2020/7xxx/CVE-2020-7825.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7825", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7826.json b/2020/7xxx/CVE-2020-7826.json new file mode 100644 index 00000000000..bf1239063ba --- /dev/null +++ b/2020/7xxx/CVE-2020-7826.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7826", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7827.json b/2020/7xxx/CVE-2020-7827.json new file mode 100644 index 00000000000..37ed9e063a3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7827.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7827", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7828.json b/2020/7xxx/CVE-2020-7828.json new file mode 100644 index 00000000000..d6afe3008f5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7828.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7828", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7829.json b/2020/7xxx/CVE-2020-7829.json new file mode 100644 index 00000000000..c14fe144ae8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7829.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7829", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7830.json b/2020/7xxx/CVE-2020-7830.json new file mode 100644 index 00000000000..5b8eb3a2098 --- /dev/null +++ b/2020/7xxx/CVE-2020-7830.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7830", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7831.json b/2020/7xxx/CVE-2020-7831.json new file mode 100644 index 00000000000..777ea6e8eaa --- /dev/null +++ b/2020/7xxx/CVE-2020-7831.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7831", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7832.json b/2020/7xxx/CVE-2020-7832.json new file mode 100644 index 00000000000..780ed1f52bb --- /dev/null +++ b/2020/7xxx/CVE-2020-7832.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7832", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7833.json b/2020/7xxx/CVE-2020-7833.json new file mode 100644 index 00000000000..bf43ddc2f0c --- /dev/null +++ b/2020/7xxx/CVE-2020-7833.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7833", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7834.json b/2020/7xxx/CVE-2020-7834.json new file mode 100644 index 00000000000..422f4c8f1bb --- /dev/null +++ b/2020/7xxx/CVE-2020-7834.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7834", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7835.json b/2020/7xxx/CVE-2020-7835.json new file mode 100644 index 00000000000..f212e9924b8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7835.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7835", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7836.json b/2020/7xxx/CVE-2020-7836.json new file mode 100644 index 00000000000..1bcd3717e94 --- /dev/null +++ b/2020/7xxx/CVE-2020-7836.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7836", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7837.json b/2020/7xxx/CVE-2020-7837.json new file mode 100644 index 00000000000..394fe8c4977 --- /dev/null +++ b/2020/7xxx/CVE-2020-7837.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7837", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7838.json b/2020/7xxx/CVE-2020-7838.json new file mode 100644 index 00000000000..525aae20cdc --- /dev/null +++ b/2020/7xxx/CVE-2020-7838.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7838", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7839.json b/2020/7xxx/CVE-2020-7839.json new file mode 100644 index 00000000000..e2593d4ba04 --- /dev/null +++ b/2020/7xxx/CVE-2020-7839.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7839", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7840.json b/2020/7xxx/CVE-2020-7840.json new file mode 100644 index 00000000000..f3f8e9f14a1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7840.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7840", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7841.json b/2020/7xxx/CVE-2020-7841.json new file mode 100644 index 00000000000..3f52643f9b1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7841.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7841", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7842.json b/2020/7xxx/CVE-2020-7842.json new file mode 100644 index 00000000000..cf2fcb6e84c --- /dev/null +++ b/2020/7xxx/CVE-2020-7842.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7842", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7843.json b/2020/7xxx/CVE-2020-7843.json new file mode 100644 index 00000000000..6e516fc699c --- /dev/null +++ b/2020/7xxx/CVE-2020-7843.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7843", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7844.json b/2020/7xxx/CVE-2020-7844.json new file mode 100644 index 00000000000..f00753820d8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7844.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7844", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7845.json b/2020/7xxx/CVE-2020-7845.json new file mode 100644 index 00000000000..67837e4bf5e --- /dev/null +++ b/2020/7xxx/CVE-2020-7845.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7845", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7846.json b/2020/7xxx/CVE-2020-7846.json new file mode 100644 index 00000000000..c6483927114 --- /dev/null +++ b/2020/7xxx/CVE-2020-7846.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7846", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7847.json b/2020/7xxx/CVE-2020-7847.json new file mode 100644 index 00000000000..45f7b5beb24 --- /dev/null +++ b/2020/7xxx/CVE-2020-7847.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7847", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7848.json b/2020/7xxx/CVE-2020-7848.json new file mode 100644 index 00000000000..25a4780cc95 --- /dev/null +++ b/2020/7xxx/CVE-2020-7848.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7848", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7849.json b/2020/7xxx/CVE-2020-7849.json new file mode 100644 index 00000000000..155c5fed740 --- /dev/null +++ b/2020/7xxx/CVE-2020-7849.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7849", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7850.json b/2020/7xxx/CVE-2020-7850.json new file mode 100644 index 00000000000..40126b2100d --- /dev/null +++ b/2020/7xxx/CVE-2020-7850.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7850", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7851.json b/2020/7xxx/CVE-2020-7851.json new file mode 100644 index 00000000000..446d0d4fba7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7851.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7851", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7852.json b/2020/7xxx/CVE-2020-7852.json new file mode 100644 index 00000000000..3b14d652982 --- /dev/null +++ b/2020/7xxx/CVE-2020-7852.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7852", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7853.json b/2020/7xxx/CVE-2020-7853.json new file mode 100644 index 00000000000..24f02bf95e6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7853.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7853", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7854.json b/2020/7xxx/CVE-2020-7854.json new file mode 100644 index 00000000000..1b1a8044910 --- /dev/null +++ b/2020/7xxx/CVE-2020-7854.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7854", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7855.json b/2020/7xxx/CVE-2020-7855.json new file mode 100644 index 00000000000..ba0375e6311 --- /dev/null +++ b/2020/7xxx/CVE-2020-7855.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7855", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7856.json b/2020/7xxx/CVE-2020-7856.json new file mode 100644 index 00000000000..5d03cac2ef7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7856.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7856", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7857.json b/2020/7xxx/CVE-2020-7857.json new file mode 100644 index 00000000000..97d5abe4f44 --- /dev/null +++ b/2020/7xxx/CVE-2020-7857.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7857", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7858.json b/2020/7xxx/CVE-2020-7858.json new file mode 100644 index 00000000000..953c6ad90c6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7858.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7858", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7859.json b/2020/7xxx/CVE-2020-7859.json new file mode 100644 index 00000000000..c2b826282b5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7859.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7859", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7860.json b/2020/7xxx/CVE-2020-7860.json new file mode 100644 index 00000000000..71ee0b15932 --- /dev/null +++ b/2020/7xxx/CVE-2020-7860.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7860", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7861.json b/2020/7xxx/CVE-2020-7861.json new file mode 100644 index 00000000000..5d4467af914 --- /dev/null +++ b/2020/7xxx/CVE-2020-7861.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7861", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7862.json b/2020/7xxx/CVE-2020-7862.json new file mode 100644 index 00000000000..af72b91013f --- /dev/null +++ b/2020/7xxx/CVE-2020-7862.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7862", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7863.json b/2020/7xxx/CVE-2020-7863.json new file mode 100644 index 00000000000..350a5d60ab7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7863.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7863", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7864.json b/2020/7xxx/CVE-2020-7864.json new file mode 100644 index 00000000000..648ee4d1731 --- /dev/null +++ b/2020/7xxx/CVE-2020-7864.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7864", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7865.json b/2020/7xxx/CVE-2020-7865.json new file mode 100644 index 00000000000..f795646627a --- /dev/null +++ b/2020/7xxx/CVE-2020-7865.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7865", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7866.json b/2020/7xxx/CVE-2020-7866.json new file mode 100644 index 00000000000..4d748ff9daf --- /dev/null +++ b/2020/7xxx/CVE-2020-7866.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7866", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7867.json b/2020/7xxx/CVE-2020-7867.json new file mode 100644 index 00000000000..bf35240eb2a --- /dev/null +++ b/2020/7xxx/CVE-2020-7867.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7867", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7868.json b/2020/7xxx/CVE-2020-7868.json new file mode 100644 index 00000000000..528b03a88de --- /dev/null +++ b/2020/7xxx/CVE-2020-7868.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7868", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7869.json b/2020/7xxx/CVE-2020-7869.json new file mode 100644 index 00000000000..b62c02a47d6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7869.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7869", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7870.json b/2020/7xxx/CVE-2020-7870.json new file mode 100644 index 00000000000..2d6f6f88e61 --- /dev/null +++ b/2020/7xxx/CVE-2020-7870.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7870", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7871.json b/2020/7xxx/CVE-2020-7871.json new file mode 100644 index 00000000000..6eefcf82770 --- /dev/null +++ b/2020/7xxx/CVE-2020-7871.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7871", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7872.json b/2020/7xxx/CVE-2020-7872.json new file mode 100644 index 00000000000..d9762209b7b --- /dev/null +++ b/2020/7xxx/CVE-2020-7872.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7872", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7873.json b/2020/7xxx/CVE-2020-7873.json new file mode 100644 index 00000000000..e6901b7fc06 --- /dev/null +++ b/2020/7xxx/CVE-2020-7873.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7873", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7874.json b/2020/7xxx/CVE-2020-7874.json new file mode 100644 index 00000000000..d2b54c929e7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7874.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7874", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7875.json b/2020/7xxx/CVE-2020-7875.json new file mode 100644 index 00000000000..65ff46933fc --- /dev/null +++ b/2020/7xxx/CVE-2020-7875.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7875", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7876.json b/2020/7xxx/CVE-2020-7876.json new file mode 100644 index 00000000000..8b3f80a27f8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7876.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7876", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7877.json b/2020/7xxx/CVE-2020-7877.json new file mode 100644 index 00000000000..ef83c7bb6ce --- /dev/null +++ b/2020/7xxx/CVE-2020-7877.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7877", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7878.json b/2020/7xxx/CVE-2020-7878.json new file mode 100644 index 00000000000..4bd5a34ace4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7878.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7878", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7879.json b/2020/7xxx/CVE-2020-7879.json new file mode 100644 index 00000000000..7024eff19ad --- /dev/null +++ b/2020/7xxx/CVE-2020-7879.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7879", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7880.json b/2020/7xxx/CVE-2020-7880.json new file mode 100644 index 00000000000..8abf86209e5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7880.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7880", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7881.json b/2020/7xxx/CVE-2020-7881.json new file mode 100644 index 00000000000..f2aeea41cfe --- /dev/null +++ b/2020/7xxx/CVE-2020-7881.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7881", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7882.json b/2020/7xxx/CVE-2020-7882.json new file mode 100644 index 00000000000..769a82fa5a4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7882.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7882", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7883.json b/2020/7xxx/CVE-2020-7883.json new file mode 100644 index 00000000000..c2efa8fe8c1 --- /dev/null +++ b/2020/7xxx/CVE-2020-7883.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7883", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7884.json b/2020/7xxx/CVE-2020-7884.json new file mode 100644 index 00000000000..df88e359d15 --- /dev/null +++ b/2020/7xxx/CVE-2020-7884.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7884", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7885.json b/2020/7xxx/CVE-2020-7885.json new file mode 100644 index 00000000000..07990a605ed --- /dev/null +++ b/2020/7xxx/CVE-2020-7885.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7885", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7886.json b/2020/7xxx/CVE-2020-7886.json new file mode 100644 index 00000000000..8fa9e8e2d37 --- /dev/null +++ b/2020/7xxx/CVE-2020-7886.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7886", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7887.json b/2020/7xxx/CVE-2020-7887.json new file mode 100644 index 00000000000..afaaf30b4e7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7887.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7888.json b/2020/7xxx/CVE-2020-7888.json new file mode 100644 index 00000000000..e1322d508d2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7888.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7888", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7889.json b/2020/7xxx/CVE-2020-7889.json new file mode 100644 index 00000000000..88ce486b7fa --- /dev/null +++ b/2020/7xxx/CVE-2020-7889.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7889", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7890.json b/2020/7xxx/CVE-2020-7890.json new file mode 100644 index 00000000000..166f9a82364 --- /dev/null +++ b/2020/7xxx/CVE-2020-7890.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7890", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7891.json b/2020/7xxx/CVE-2020-7891.json new file mode 100644 index 00000000000..80e815660c5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7891.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7891", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7892.json b/2020/7xxx/CVE-2020-7892.json new file mode 100644 index 00000000000..8a64a656669 --- /dev/null +++ b/2020/7xxx/CVE-2020-7892.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7892", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7893.json b/2020/7xxx/CVE-2020-7893.json new file mode 100644 index 00000000000..ff73416a2db --- /dev/null +++ b/2020/7xxx/CVE-2020-7893.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7893", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7894.json b/2020/7xxx/CVE-2020-7894.json new file mode 100644 index 00000000000..75a4808baeb --- /dev/null +++ b/2020/7xxx/CVE-2020-7894.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7894", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7895.json b/2020/7xxx/CVE-2020-7895.json new file mode 100644 index 00000000000..6a8edc50cce --- /dev/null +++ b/2020/7xxx/CVE-2020-7895.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7895", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7896.json b/2020/7xxx/CVE-2020-7896.json new file mode 100644 index 00000000000..1f92a423493 --- /dev/null +++ b/2020/7xxx/CVE-2020-7896.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7896", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7897.json b/2020/7xxx/CVE-2020-7897.json new file mode 100644 index 00000000000..c7305990e53 --- /dev/null +++ b/2020/7xxx/CVE-2020-7897.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7897", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7898.json b/2020/7xxx/CVE-2020-7898.json new file mode 100644 index 00000000000..208fab80825 --- /dev/null +++ b/2020/7xxx/CVE-2020-7898.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7898", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7899.json b/2020/7xxx/CVE-2020-7899.json new file mode 100644 index 00000000000..745f39c7c66 --- /dev/null +++ b/2020/7xxx/CVE-2020-7899.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7899", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7900.json b/2020/7xxx/CVE-2020-7900.json new file mode 100644 index 00000000000..66ef118659c --- /dev/null +++ b/2020/7xxx/CVE-2020-7900.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7900", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7901.json b/2020/7xxx/CVE-2020-7901.json new file mode 100644 index 00000000000..915ab999180 --- /dev/null +++ b/2020/7xxx/CVE-2020-7901.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7901", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7902.json b/2020/7xxx/CVE-2020-7902.json new file mode 100644 index 00000000000..efb0524739c --- /dev/null +++ b/2020/7xxx/CVE-2020-7902.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7902", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7903.json b/2020/7xxx/CVE-2020-7903.json new file mode 100644 index 00000000000..afc73b62d4c --- /dev/null +++ b/2020/7xxx/CVE-2020-7903.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7903", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7904.json b/2020/7xxx/CVE-2020-7904.json new file mode 100644 index 00000000000..6c411f7b530 --- /dev/null +++ b/2020/7xxx/CVE-2020-7904.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7904", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7905.json b/2020/7xxx/CVE-2020-7905.json new file mode 100644 index 00000000000..a1f759d07b8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7905.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7905", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7906.json b/2020/7xxx/CVE-2020-7906.json new file mode 100644 index 00000000000..38ae78d0a79 --- /dev/null +++ b/2020/7xxx/CVE-2020-7906.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7906", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7907.json b/2020/7xxx/CVE-2020-7907.json new file mode 100644 index 00000000000..a574a24fd7b --- /dev/null +++ b/2020/7xxx/CVE-2020-7907.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7907", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7908.json b/2020/7xxx/CVE-2020-7908.json new file mode 100644 index 00000000000..f06fa696f26 --- /dev/null +++ b/2020/7xxx/CVE-2020-7908.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7908", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7909.json b/2020/7xxx/CVE-2020-7909.json new file mode 100644 index 00000000000..e23f1fa6894 --- /dev/null +++ b/2020/7xxx/CVE-2020-7909.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7909", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7910.json b/2020/7xxx/CVE-2020-7910.json new file mode 100644 index 00000000000..7d7cfd53f71 --- /dev/null +++ b/2020/7xxx/CVE-2020-7910.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7910", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7911.json b/2020/7xxx/CVE-2020-7911.json new file mode 100644 index 00000000000..6e85dc61f0b --- /dev/null +++ b/2020/7xxx/CVE-2020-7911.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7911", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7912.json b/2020/7xxx/CVE-2020-7912.json new file mode 100644 index 00000000000..8d6772a7b73 --- /dev/null +++ b/2020/7xxx/CVE-2020-7912.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7912", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7913.json b/2020/7xxx/CVE-2020-7913.json new file mode 100644 index 00000000000..abbd988ba56 --- /dev/null +++ b/2020/7xxx/CVE-2020-7913.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7913", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7914.json b/2020/7xxx/CVE-2020-7914.json new file mode 100644 index 00000000000..d36e59a4da3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7914.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7914", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7915.json b/2020/7xxx/CVE-2020-7915.json new file mode 100644 index 00000000000..430b3f1b497 --- /dev/null +++ b/2020/7xxx/CVE-2020-7915.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/eaton-authenticated-stored-cross-site.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/eaton-authenticated-stored-cross-site.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7916.json b/2020/7xxx/CVE-2020-7916.json new file mode 100644 index 00000000000..f9b26146178 --- /dev/null +++ b/2020/7xxx/CVE-2020-7916.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7916", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7917.json b/2020/7xxx/CVE-2020-7917.json new file mode 100644 index 00000000000..0b121199c9f --- /dev/null +++ b/2020/7xxx/CVE-2020-7917.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7917", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7918.json b/2020/7xxx/CVE-2020-7918.json new file mode 100644 index 00000000000..291846da119 --- /dev/null +++ b/2020/7xxx/CVE-2020-7918.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7918", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7919.json b/2020/7xxx/CVE-2020-7919.json new file mode 100644 index 00000000000..4cd4685c8e6 --- /dev/null +++ b/2020/7xxx/CVE-2020-7919.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7919", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7920.json b/2020/7xxx/CVE-2020-7920.json new file mode 100644 index 00000000000..0e8643a8a63 --- /dev/null +++ b/2020/7xxx/CVE-2020-7920.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7920", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7921.json b/2020/7xxx/CVE-2020-7921.json new file mode 100644 index 00000000000..b67f8d4149b --- /dev/null +++ b/2020/7xxx/CVE-2020-7921.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7921", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7922.json b/2020/7xxx/CVE-2020-7922.json new file mode 100644 index 00000000000..8d18edd78fe --- /dev/null +++ b/2020/7xxx/CVE-2020-7922.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7922", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7923.json b/2020/7xxx/CVE-2020-7923.json new file mode 100644 index 00000000000..caf4144cbe3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7923.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7923", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7924.json b/2020/7xxx/CVE-2020-7924.json new file mode 100644 index 00000000000..4299fb19c57 --- /dev/null +++ b/2020/7xxx/CVE-2020-7924.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7924", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7925.json b/2020/7xxx/CVE-2020-7925.json new file mode 100644 index 00000000000..18cd68277e0 --- /dev/null +++ b/2020/7xxx/CVE-2020-7925.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7925", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7926.json b/2020/7xxx/CVE-2020-7926.json new file mode 100644 index 00000000000..caf2f04621f --- /dev/null +++ b/2020/7xxx/CVE-2020-7926.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7926", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7927.json b/2020/7xxx/CVE-2020-7927.json new file mode 100644 index 00000000000..e3ac42332ac --- /dev/null +++ b/2020/7xxx/CVE-2020-7927.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7927", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7928.json b/2020/7xxx/CVE-2020-7928.json new file mode 100644 index 00000000000..7bb73d76da4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7928.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7928", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7929.json b/2020/7xxx/CVE-2020-7929.json new file mode 100644 index 00000000000..3cd9f4e73f7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7929.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7929", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7930.json b/2020/7xxx/CVE-2020-7930.json new file mode 100644 index 00000000000..af8ee8e6b35 --- /dev/null +++ b/2020/7xxx/CVE-2020-7930.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7930", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7931.json b/2020/7xxx/CVE-2020-7931.json new file mode 100644 index 00000000000..7f9b3346759 --- /dev/null +++ b/2020/7xxx/CVE-2020-7931.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0006.md", + "refsource": "MISC", + "name": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2019-0006.md" + }, + { + "refsource": "MISC", + "name": "https://www.jfrog.com/confluence/display/RTF/Release+Notes", + "url": "https://www.jfrog.com/confluence/display/RTF/Release+Notes" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7932.json b/2020/7xxx/CVE-2020-7932.json new file mode 100644 index 00000000000..30382a19ce8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7932.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7932", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7933.json b/2020/7xxx/CVE-2020-7933.json new file mode 100644 index 00000000000..ded29b85d81 --- /dev/null +++ b/2020/7xxx/CVE-2020-7933.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7933", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7934.json b/2020/7xxx/CVE-2020-7934.json new file mode 100644 index 00000000000..45608ee5601 --- /dev/null +++ b/2020/7xxx/CVE-2020-7934.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/", + "url": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7935.json b/2020/7xxx/CVE-2020-7935.json new file mode 100644 index 00000000000..443f661b93e --- /dev/null +++ b/2020/7xxx/CVE-2020-7935.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7935", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7936.json b/2020/7xxx/CVE-2020-7936.json new file mode 100644 index 00000000000..4c14ad42199 --- /dev/null +++ b/2020/7xxx/CVE-2020-7936.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7936", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an attacker to craft a link to a Plone Site that, when followed, and possibly after login, will redirect to an attacker's site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/an-open-redirection-on-the-login-form-and-possibly-other-places" + }, + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7937.json b/2020/7xxx/CVE-2020-7937.json new file mode 100644 index 00000000000..bd7d5d30104 --- /dev/null +++ b/2020/7xxx/CVE-2020-7937.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege level to insert JavaScript that will be executed when other users access the site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/xss-in-the-title-field-on-plone-5-0-and-higher" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7938.json b/2020/7xxx/CVE-2020-7938.json new file mode 100644 index 00000000000..8f0915d0273 --- /dev/null +++ b/2020/7xxx/CVE-2020-7938.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7938", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-when-plone-restapi-is-installed" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7939.json b/2020/7xxx/CVE-2020-7939.json new file mode 100644 index 00000000000..40a50121a21 --- /dev/null +++ b/2020/7xxx/CVE-2020-7939.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7939", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. (This is a problem in Zope.)" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/sql-injection-in-dtml-or-in-connection-objects" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7940.json b/2020/7xxx/CVE-2020-7940.json new file mode 100644 index 00000000000..65e3849e9fc --- /dev/null +++ b/2020/7xxx/CVE-2020-7940.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak passwords, leading to easier cracking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/password-strength-checks-were-not-always-checked" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7941.json b/2020/7xxx/CVE-2020-7941.json new file mode 100644 index 00000000000..0f4962a45e2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7941.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plone.org/security/hotfix/20200121", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2020/01/22/1", + "refsource": "MISC", + "name": "https://www.openwall.com/lists/oss-security/2020/01/22/1" + }, + { + "url": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content", + "refsource": "MISC", + "name": "https://plone.org/security/hotfix/20200121/privilege-escalation-for-overwriting-content" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20200124 Re: Plone security hotfix 20200121", + "url": "http://www.openwall.com/lists/oss-security/2020/01/24/1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7942.json b/2020/7xxx/CVE-2020-7942.json new file mode 100644 index 00000000000..f489597c850 --- /dev/null +++ b/2020/7xxx/CVE-2020-7942.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7942", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7943.json b/2020/7xxx/CVE-2020-7943.json new file mode 100644 index 00000000000..55446399ed4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7943.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7943", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7944.json b/2020/7xxx/CVE-2020-7944.json new file mode 100644 index 00000000000..4789ac00023 --- /dev/null +++ b/2020/7xxx/CVE-2020-7944.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7944", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7945.json b/2020/7xxx/CVE-2020-7945.json new file mode 100644 index 00000000000..9ca281e5ab4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7945.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7945", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7946.json b/2020/7xxx/CVE-2020-7946.json new file mode 100644 index 00000000000..1ccc7c000d3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7946.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7946", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7947.json b/2020/7xxx/CVE-2020-7947.json new file mode 100644 index 00000000000..cf2bb420877 --- /dev/null +++ b/2020/7xxx/CVE-2020-7947.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7947", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7948.json b/2020/7xxx/CVE-2020-7948.json new file mode 100644 index 00000000000..4d7b00be497 --- /dev/null +++ b/2020/7xxx/CVE-2020-7948.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7948", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7949.json b/2020/7xxx/CVE-2020-7949.json new file mode 100644 index 00000000000..82eaa42a5cc --- /dev/null +++ b/2020/7xxx/CVE-2020-7949.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7949", + "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7949" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7950.json b/2020/7xxx/CVE-2020-7950.json new file mode 100644 index 00000000000..90443cac20e --- /dev/null +++ b/2020/7xxx/CVE-2020-7950.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7950", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7950", + "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7950" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7951.json b/2020/7xxx/CVE-2020-7951.json new file mode 100644 index 00000000000..755ba84a29a --- /dev/null +++ b/2020/7xxx/CVE-2020-7951.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7951", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7951", + "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7951" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7952.json b/2020/7xxx/CVE-2020-7952.json new file mode 100644 index 00000000000..2517ded7f41 --- /dev/null +++ b/2020/7xxx/CVE-2020-7952.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7952", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7952", + "url": "https://github.com/bi7s/CVE/tree/master/CVE-2020-7952" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7953.json b/2020/7xxx/CVE-2020-7953.json new file mode 100644 index 00000000000..7112ad9dd53 --- /dev/null +++ b/2020/7xxx/CVE-2020-7953.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7953", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7954.json b/2020/7xxx/CVE-2020-7954.json new file mode 100644 index 00000000000..c0acbb64121 --- /dev/null +++ b/2020/7xxx/CVE-2020-7954.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7954", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7955.json b/2020/7xxx/CVE-2020-7955.json new file mode 100644 index 00000000000..80cb63792ab --- /dev/null +++ b/2020/7xxx/CVE-2020-7955.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7955", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7956.json b/2020/7xxx/CVE-2020-7956.json new file mode 100644 index 00000000000..e77f7995fba --- /dev/null +++ b/2020/7xxx/CVE-2020-7956.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7956", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7957.json b/2020/7xxx/CVE-2020-7957.json new file mode 100644 index 00000000000..1a405df7970 --- /dev/null +++ b/2020/7xxx/CVE-2020-7957.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7957", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7958.json b/2020/7xxx/CVE-2020-7958.json new file mode 100644 index 00000000000..c64760e7203 --- /dev/null +++ b/2020/7xxx/CVE-2020-7958.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7958", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7959.json b/2020/7xxx/CVE-2020-7959.json new file mode 100644 index 00000000000..3886183a40d --- /dev/null +++ b/2020/7xxx/CVE-2020-7959.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7959", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7960.json b/2020/7xxx/CVE-2020-7960.json new file mode 100644 index 00000000000..bbd3022b3a8 --- /dev/null +++ b/2020/7xxx/CVE-2020-7960.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7960", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7961.json b/2020/7xxx/CVE-2020-7961.json new file mode 100644 index 00000000000..3b0fb08dc0d --- /dev/null +++ b/2020/7xxx/CVE-2020-7961.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7961", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7962.json b/2020/7xxx/CVE-2020-7962.json new file mode 100644 index 00000000000..bd8f2c181e4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7962.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7962", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7963.json b/2020/7xxx/CVE-2020-7963.json new file mode 100644 index 00000000000..a5b2c0181c4 --- /dev/null +++ b/2020/7xxx/CVE-2020-7963.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7963", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7964.json b/2020/7xxx/CVE-2020-7964.json new file mode 100644 index 00000000000..f2e57032384 --- /dev/null +++ b/2020/7xxx/CVE-2020-7964.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7964", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkoutCustomerAttach mutations allows attackers to attach their checkouts to any user ID and consequently leak user data (e.g., name, address, and previous orders of any other customer)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3", + "refsource": "MISC", + "name": "https://github.com/mirumee/saleor/commit/233b8890c60fa6d90daf99e4d90fea85867732c3" + }, + { + "url": "https://github.com/mirumee/saleor/releases/tag/2.9.1", + "refsource": "MISC", + "name": "https://github.com/mirumee/saleor/releases/tag/2.9.1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7965.json b/2020/7xxx/CVE-2020-7965.json new file mode 100644 index 00000000000..e17418826a5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7965.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7965", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7966.json b/2020/7xxx/CVE-2020-7966.json new file mode 100644 index 00000000000..1fcec07d40b --- /dev/null +++ b/2020/7xxx/CVE-2020-7966.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7966", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7967.json b/2020/7xxx/CVE-2020-7967.json new file mode 100644 index 00000000000..c347aa6a9a2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7967.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7967", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7968.json b/2020/7xxx/CVE-2020-7968.json new file mode 100644 index 00000000000..cd53def4693 --- /dev/null +++ b/2020/7xxx/CVE-2020-7968.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7968", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7969.json b/2020/7xxx/CVE-2020-7969.json new file mode 100644 index 00000000000..7d0dcb61853 --- /dev/null +++ b/2020/7xxx/CVE-2020-7969.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7969", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7970.json b/2020/7xxx/CVE-2020-7970.json new file mode 100644 index 00000000000..1b03ef9a16a --- /dev/null +++ b/2020/7xxx/CVE-2020-7970.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7970", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7971.json b/2020/7xxx/CVE-2020-7971.json new file mode 100644 index 00000000000..ef43611e8b9 --- /dev/null +++ b/2020/7xxx/CVE-2020-7971.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7971", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7972.json b/2020/7xxx/CVE-2020-7972.json new file mode 100644 index 00000000000..d135619f247 --- /dev/null +++ b/2020/7xxx/CVE-2020-7972.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7972", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7973.json b/2020/7xxx/CVE-2020-7973.json new file mode 100644 index 00000000000..ab133e86132 --- /dev/null +++ b/2020/7xxx/CVE-2020-7973.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7973", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7974.json b/2020/7xxx/CVE-2020-7974.json new file mode 100644 index 00000000000..0ce7d08bcee --- /dev/null +++ b/2020/7xxx/CVE-2020-7974.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7974", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7975.json b/2020/7xxx/CVE-2020-7975.json new file mode 100644 index 00000000000..fc08a86d412 --- /dev/null +++ b/2020/7xxx/CVE-2020-7975.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7975", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7976.json b/2020/7xxx/CVE-2020-7976.json new file mode 100644 index 00000000000..a2e74f981cb --- /dev/null +++ b/2020/7xxx/CVE-2020-7976.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7976", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7977.json b/2020/7xxx/CVE-2020-7977.json new file mode 100644 index 00000000000..8b278845071 --- /dev/null +++ b/2020/7xxx/CVE-2020-7977.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7977", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7978.json b/2020/7xxx/CVE-2020-7978.json new file mode 100644 index 00000000000..254b8bc4f7c --- /dev/null +++ b/2020/7xxx/CVE-2020-7978.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7978", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7979.json b/2020/7xxx/CVE-2020-7979.json new file mode 100644 index 00000000000..bf229470ac5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7979.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7979", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7980.json b/2020/7xxx/CVE-2020-7980.json new file mode 100644 index 00000000000..09a2b553665 --- /dev/null +++ b/2020/7xxx/CVE-2020-7980.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7980", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/intellian-aptus-web-rce-intellian.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/intellian-aptus-web-rce-intellian.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7981.json b/2020/7xxx/CVE-2020-7981.json new file mode 100644 index 00000000000..f5c9538b58c --- /dev/null +++ b/2020/7xxx/CVE-2020-7981.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7981", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613", + "refsource": "MISC", + "name": "https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613" + }, + { + "url": "https://github.com/alexreisner/geocoder/compare/v1.6.0...v1.6.1", + "refsource": "MISC", + "name": "https://github.com/alexreisner/geocoder/compare/v1.6.0...v1.6.1" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7982.json b/2020/7xxx/CVE-2020-7982.json new file mode 100644 index 00000000000..6a9a431e467 --- /dev/null +++ b/2020/7xxx/CVE-2020-7982.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7982", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7983.json b/2020/7xxx/CVE-2020-7983.json new file mode 100644 index 00000000000..689bc1cbd90 --- /dev/null +++ b/2020/7xxx/CVE-2020-7983.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7983", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7984.json b/2020/7xxx/CVE-2020-7984.json new file mode 100644 index 00000000000..f190d69c8d5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7984.json @@ -0,0 +1,97 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5", + "refsource": "MISC", + "name": "https://blog.huntresslabs.com/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5" + }, + { + "url": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs", + "refsource": "MISC", + "name": "https://www.crn.com/news/managed-services/solarwinds-rmm-tool-has-open-zero-day-exploit-huntress-labs" + }, + { + "url": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central", + "refsource": "MISC", + "name": "https://success.solarwindsmsp.com/kb/solarwinds_n-central/How-to-Expunge-credentials-for-Customer-levels-of-SolarWinds-N-central" + }, + { + "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2", + "refsource": "MISC", + "name": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-2-SP1-HF2" + }, + { + "url": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5", + "refsource": "MISC", + "name": "https://community.solarwindsmsp.com/Support/Software-Downloads/MSP-N-Central/MSP-N-central-12-1-SP1-HF5" + }, + { + "url": "https://github.com/flipflopfpv", + "refsource": "MISC", + "name": "https://github.com/flipflopfpv" + }, + { + "url": "https://packetstormsecurity.com/files/156033", + "refsource": "MISC", + "name": "https://packetstormsecurity.com/files/156033" + }, + { + "url": "https://twitter.com/SecurityNewsbot/status/1219722631898812416", + "refsource": "MISC", + "name": "https://twitter.com/SecurityNewsbot/status/1219722631898812416" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7985.json b/2020/7xxx/CVE-2020-7985.json new file mode 100644 index 00000000000..be4f245a5a7 --- /dev/null +++ b/2020/7xxx/CVE-2020-7985.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7985", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7986.json b/2020/7xxx/CVE-2020-7986.json new file mode 100644 index 00000000000..4b633511147 --- /dev/null +++ b/2020/7xxx/CVE-2020-7986.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7986", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7987.json b/2020/7xxx/CVE-2020-7987.json new file mode 100644 index 00000000000..6e2dbd74b91 --- /dev/null +++ b/2020/7xxx/CVE-2020-7987.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7987", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7988.json b/2020/7xxx/CVE-2020-7988.json new file mode 100644 index 00000000000..3e110402367 --- /dev/null +++ b/2020/7xxx/CVE-2020-7988.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7988", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7989.json b/2020/7xxx/CVE-2020-7989.json new file mode 100644 index 00000000000..3bff7d332cc --- /dev/null +++ b/2020/7xxx/CVE-2020-7989.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7989", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adive Framework 2.0.8 has admin/user/add userUsername XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/47946", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/47946" + }, + { + "url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md", + "refsource": "MISC", + "name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7990.json b/2020/7xxx/CVE-2020-7990.json new file mode 100644 index 00000000000..a3e2dc28309 --- /dev/null +++ b/2020/7xxx/CVE-2020-7990.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7990", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adive Framework 2.0.8 has admin/user/add userName XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/47946", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/47946" + }, + { + "url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md", + "refsource": "MISC", + "name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7991.json b/2020/7xxx/CVE-2020-7991.json new file mode 100644 index 00000000000..ad0501e84b3 --- /dev/null +++ b/2020/7xxx/CVE-2020-7991.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.exploit-db.com/exploits/47946", + "refsource": "MISC", + "name": "https://www.exploit-db.com/exploits/47946" + }, + { + "url": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md", + "refsource": "MISC", + "name": "https://github.com/ferdinandmartin/adive-php7/blob/master/README.md" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html", + "url": "http://packetstormsecurity.com/files/156106/Adive-Framework-2.0.8-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7992.json b/2020/7xxx/CVE-2020-7992.json new file mode 100644 index 00000000000..0559f8745c2 --- /dev/null +++ b/2020/7xxx/CVE-2020-7992.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7992", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7993.json b/2020/7xxx/CVE-2020-7993.json new file mode 100644 index 00000000000..b2cdc93ea55 --- /dev/null +++ b/2020/7xxx/CVE-2020-7993.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-7993", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7994.json b/2020/7xxx/CVE-2020-7994.json new file mode 100644 index 00000000000..6434c33416f --- /dev/null +++ b/2020/7xxx/CVE-2020-7994.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7994", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) label[libelle] parameter to the /htdocs/admin/dict.php?id=3 page; the (2) name[constname] parameter to the /htdocs/admin/const.php?mainmenu=home page; the (3) note[note] parameter to the /htdocs/admin/dict.php?id=10 page; the (4) zip[MAIN_INFO_SOCIETE_ZIP] or email[mail] parameter to the /htdocs/admin/company.php page; the (5) url[defaulturl], field[defaultkey], or value[defaultvalue] parameter to the /htdocs/admin/defaultvalues.php page; the (6) key[transkey] or key[transvalue] parameter to the /htdocs/admin/translation.php page; or the (7) [main_motd] or [main_home] parameter to the /htdocs/admin/ihm.php page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tufangungor.github.io/0days", + "refsource": "MISC", + "name": "https://tufangungor.github.io/0days" + }, + { + "url": "https://github.com/tufangungor/tufangungor.github.io/blob/master/0days.md", + "refsource": "MISC", + "name": "https://github.com/tufangungor/tufangungor.github.io/blob/master/0days.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7995.json b/2020/7xxx/CVE-2020-7995.json new file mode 100644 index 00000000000..702ec75cdac --- /dev/null +++ b/2020/7xxx/CVE-2020-7995.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed authentication attempts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html", + "refsource": "MISC", + "name": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-brute-force.html" + }, + { + "url": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md", + "refsource": "MISC", + "name": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-brute-force.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7996.json b/2020/7xxx/CVE-2020-7996.json new file mode 100644 index 00000000000..65c05f1dde5 --- /dev/null +++ b/2020/7xxx/CVE-2020-7996.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7996", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html", + "refsource": "MISC", + "name": "https://tufangungor.github.io/exploit/2020/01/18/dolibarr-10.0.6-xss-in-http-header.html" + }, + { + "url": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md", + "refsource": "MISC", + "name": "https://github.com/tufangungor/tufangungor.github.io/blob/master/_posts/2020-01-19-dolibarr-10.0.6-xss-in-http-header.md" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7997.json b/2020/7xxx/CVE-2020-7997.json new file mode 100644 index 00000000000..a8d5100c485 --- /dev/null +++ b/2020/7xxx/CVE-2020-7997.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Control feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/adeshkolte/983bcadd82cc1fd60333098eb646ef68", + "url": "https://gist.github.com/adeshkolte/983bcadd82cc1fd60333098eb646ef68" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7998.json b/2020/7xxx/CVE-2020-7998.json new file mode 100644 index 00000000000..5324afee0cb --- /dev/null +++ b/2020/7xxx/CVE-2020-7998.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for iOS. The vulnerability is located in the developer path that is accessible and hidden next to the root path. By default, there is no password set for the FTP or Web UI service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946", + "refsource": "MISC", + "name": "https://apps.apple.com/us/app/super-file-explorer-file-viewer-file-manager/id1101973946" + }, + { + "refsource": "MISC", + "name": "https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f", + "url": "https://gist.github.com/adeshkolte/9e60b2483d2f20d1951beac0fc917c6f" + } + ] + } +} \ No newline at end of file diff --git a/2020/7xxx/CVE-2020-7999.json b/2020/7xxx/CVE-2020-7999.json new file mode 100644 index 00000000000..1082759c397 --- /dev/null +++ b/2020/7xxx/CVE-2020-7999.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-7999", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE_DOWNLOAD_API_KEY." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8000.json b/2020/8xxx/CVE-2020-8000.json new file mode 100644 index 00000000000..d9700b02013 --- /dev/null +++ b/2020/8xxx/CVE-2020-8000.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8001.json b/2020/8xxx/CVE-2020-8001.json new file mode 100644 index 00000000000..ab9c3e4e00b --- /dev/null +++ b/2020/8xxx/CVE-2020-8001.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8001", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the masteruser FTP account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/intellian-multiple-vulnerabilities-in.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8002.json b/2020/8xxx/CVE-2020-8002.json new file mode 100644 index 00000000000..4c508fe1814 --- /dev/null +++ b/2020/8xxx/CVE-2020-8002.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service via commands that attempt to launch a grid without previously providing a Compute Shader (CS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=572a36879701598fa727f50313508be99865b58f", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=572a36879701598fa727f50313508be99865b58f" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=725e12beba4a41934f0ab62d399b5d4de2d13190", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=725e12beba4a41934f0ab62d399b5d4de2d13190" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8003.json b/2020/8xxx/CVE-2020-8003.json new file mode 100644 index 00000000000..b06a668238f --- /dev/null +++ b/2020/8xxx/CVE-2020-8003.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8003", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/commit/f9b079ccc319c98499111f66bd654fc9b56cf15f?merge_request_iid=340" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=f9b079ccc319c98499111f66bd654fc9b56cf15f" + }, + { + "url": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a", + "refsource": "MISC", + "name": "https://gitlab.freedesktop.org/virgl/virglrenderer/merge_requests/340/diffs?commit_id=3320973c9f2068f60cf6613c2811a8824781878a" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8004.json b/2020/8xxx/CVE-2020-8004.json new file mode 100644 index 00000000000..5852b296b4f --- /dev/null +++ b/2020/8xxx/CVE-2020-8004.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8004", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8005.json b/2020/8xxx/CVE-2020-8005.json new file mode 100644 index 00000000000..86fcc6b59b2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8005.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8005", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8006.json b/2020/8xxx/CVE-2020-8006.json new file mode 100644 index 00000000000..21818977c02 --- /dev/null +++ b/2020/8xxx/CVE-2020-8006.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8006", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8007.json b/2020/8xxx/CVE-2020-8007.json new file mode 100644 index 00000000000..5e5f237461b --- /dev/null +++ b/2020/8xxx/CVE-2020-8007.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8007", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8008.json b/2020/8xxx/CVE-2020-8008.json new file mode 100644 index 00000000000..14308effa02 --- /dev/null +++ b/2020/8xxx/CVE-2020-8008.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8008", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8009.json b/2020/8xxx/CVE-2020-8009.json new file mode 100644 index 00000000000..97f62dedc41 --- /dev/null +++ b/2020/8xxx/CVE-2020-8009.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8009", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /etc/passwd file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.securenetworkinc.com/news/2020/1/22/new-vulnerability-motu-avb-directory-traversal", + "refsource": "MISC", + "name": "https://www.securenetworkinc.com/news/2020/1/22/new-vulnerability-motu-avb-directory-traversal" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8010.json b/2020/8xxx/CVE-2020-8010.json new file mode 100644 index 00000000000..fc0e2456266 --- /dev/null +++ b/2020/8xxx/CVE-2020-8010.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8010", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8011.json b/2020/8xxx/CVE-2020-8011.json new file mode 100644 index 00000000000..88802ab9889 --- /dev/null +++ b/2020/8xxx/CVE-2020-8011.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8011", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8012.json b/2020/8xxx/CVE-2020-8012.json new file mode 100644 index 00000000000..2dc7e87f9e0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8012.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8012", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8013.json b/2020/8xxx/CVE-2020-8013.json new file mode 100644 index 00000000000..8ccb44e80f6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8013.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8013", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8014.json b/2020/8xxx/CVE-2020-8014.json new file mode 100644 index 00000000000..7df52028e54 --- /dev/null +++ b/2020/8xxx/CVE-2020-8014.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8014", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8015.json b/2020/8xxx/CVE-2020-8015.json new file mode 100644 index 00000000000..5f0ac48f357 --- /dev/null +++ b/2020/8xxx/CVE-2020-8015.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8015", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8016.json b/2020/8xxx/CVE-2020-8016.json new file mode 100644 index 00000000000..517d2e4d93d --- /dev/null +++ b/2020/8xxx/CVE-2020-8016.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8016", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8017.json b/2020/8xxx/CVE-2020-8017.json new file mode 100644 index 00000000000..59af93dd4c6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8018.json b/2020/8xxx/CVE-2020-8018.json new file mode 100644 index 00000000000..40f294a8a2c --- /dev/null +++ b/2020/8xxx/CVE-2020-8018.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8018", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8019.json b/2020/8xxx/CVE-2020-8019.json new file mode 100644 index 00000000000..81b04560e48 --- /dev/null +++ b/2020/8xxx/CVE-2020-8019.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8019", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8020.json b/2020/8xxx/CVE-2020-8020.json new file mode 100644 index 00000000000..1e4f922fdaf --- /dev/null +++ b/2020/8xxx/CVE-2020-8020.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8020", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8021.json b/2020/8xxx/CVE-2020-8021.json new file mode 100644 index 00000000000..b15af44d473 --- /dev/null +++ b/2020/8xxx/CVE-2020-8021.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8021", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8022.json b/2020/8xxx/CVE-2020-8022.json new file mode 100644 index 00000000000..adeb3e9492e --- /dev/null +++ b/2020/8xxx/CVE-2020-8022.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8022", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8023.json b/2020/8xxx/CVE-2020-8023.json new file mode 100644 index 00000000000..dd7f18008ae --- /dev/null +++ b/2020/8xxx/CVE-2020-8023.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8023", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8024.json b/2020/8xxx/CVE-2020-8024.json new file mode 100644 index 00000000000..888ab9e3c25 --- /dev/null +++ b/2020/8xxx/CVE-2020-8024.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8024", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8025.json b/2020/8xxx/CVE-2020-8025.json new file mode 100644 index 00000000000..eb4da7fea1c --- /dev/null +++ b/2020/8xxx/CVE-2020-8025.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8025", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8026.json b/2020/8xxx/CVE-2020-8026.json new file mode 100644 index 00000000000..ab0f4eb10cc --- /dev/null +++ b/2020/8xxx/CVE-2020-8026.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8026", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8027.json b/2020/8xxx/CVE-2020-8027.json new file mode 100644 index 00000000000..a5d5d96fb25 --- /dev/null +++ b/2020/8xxx/CVE-2020-8027.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8027", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8028.json b/2020/8xxx/CVE-2020-8028.json new file mode 100644 index 00000000000..0f050f1c8be --- /dev/null +++ b/2020/8xxx/CVE-2020-8028.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8028", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8029.json b/2020/8xxx/CVE-2020-8029.json new file mode 100644 index 00000000000..ce3d41cd72e --- /dev/null +++ b/2020/8xxx/CVE-2020-8029.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8029", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8030.json b/2020/8xxx/CVE-2020-8030.json new file mode 100644 index 00000000000..16046bd1b56 --- /dev/null +++ b/2020/8xxx/CVE-2020-8030.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8030", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8031.json b/2020/8xxx/CVE-2020-8031.json new file mode 100644 index 00000000000..3f47ddad012 --- /dev/null +++ b/2020/8xxx/CVE-2020-8031.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8031", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8032.json b/2020/8xxx/CVE-2020-8032.json new file mode 100644 index 00000000000..326d6ed5eca --- /dev/null +++ b/2020/8xxx/CVE-2020-8032.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8032", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8033.json b/2020/8xxx/CVE-2020-8033.json new file mode 100644 index 00000000000..bc0a09fe410 --- /dev/null +++ b/2020/8xxx/CVE-2020-8033.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8033", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8034.json b/2020/8xxx/CVE-2020-8034.json new file mode 100644 index 00000000000..888eab814ac --- /dev/null +++ b/2020/8xxx/CVE-2020-8034.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8034", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8035.json b/2020/8xxx/CVE-2020-8035.json new file mode 100644 index 00000000000..ec149b8edb9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8035.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8035", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8036.json b/2020/8xxx/CVE-2020-8036.json new file mode 100644 index 00000000000..9a87c4277fb --- /dev/null +++ b/2020/8xxx/CVE-2020-8036.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8036", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8037.json b/2020/8xxx/CVE-2020-8037.json new file mode 100644 index 00000000000..ec2602354b5 --- /dev/null +++ b/2020/8xxx/CVE-2020-8037.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8037", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8038.json b/2020/8xxx/CVE-2020-8038.json new file mode 100644 index 00000000000..bfef2aea85c --- /dev/null +++ b/2020/8xxx/CVE-2020-8038.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8038", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8039.json b/2020/8xxx/CVE-2020-8039.json new file mode 100644 index 00000000000..f5c74eb5c2c --- /dev/null +++ b/2020/8xxx/CVE-2020-8039.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8039", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8040.json b/2020/8xxx/CVE-2020-8040.json new file mode 100644 index 00000000000..82877ac6082 --- /dev/null +++ b/2020/8xxx/CVE-2020-8040.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8040", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8041.json b/2020/8xxx/CVE-2020-8041.json new file mode 100644 index 00000000000..fee73c55c27 --- /dev/null +++ b/2020/8xxx/CVE-2020-8041.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8041", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8042.json b/2020/8xxx/CVE-2020-8042.json new file mode 100644 index 00000000000..f0080fb7065 --- /dev/null +++ b/2020/8xxx/CVE-2020-8042.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8042", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8043.json b/2020/8xxx/CVE-2020-8043.json new file mode 100644 index 00000000000..ef4cabe702a --- /dev/null +++ b/2020/8xxx/CVE-2020-8043.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8043", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8044.json b/2020/8xxx/CVE-2020-8044.json new file mode 100644 index 00000000000..f51126abd21 --- /dev/null +++ b/2020/8xxx/CVE-2020-8044.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8044", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8045.json b/2020/8xxx/CVE-2020-8045.json new file mode 100644 index 00000000000..f080a8b0e72 --- /dev/null +++ b/2020/8xxx/CVE-2020-8045.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8045", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8046.json b/2020/8xxx/CVE-2020-8046.json new file mode 100644 index 00000000000..c4bbec8a888 --- /dev/null +++ b/2020/8xxx/CVE-2020-8046.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8046", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8047.json b/2020/8xxx/CVE-2020-8047.json new file mode 100644 index 00000000000..7d2cce86ac0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8047.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8047", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8048.json b/2020/8xxx/CVE-2020-8048.json new file mode 100644 index 00000000000..af29f40f816 --- /dev/null +++ b/2020/8xxx/CVE-2020-8048.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8048", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8049.json b/2020/8xxx/CVE-2020-8049.json new file mode 100644 index 00000000000..93a16e8f97b --- /dev/null +++ b/2020/8xxx/CVE-2020-8049.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8049", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8050.json b/2020/8xxx/CVE-2020-8050.json new file mode 100644 index 00000000000..bbf7c40c433 --- /dev/null +++ b/2020/8xxx/CVE-2020-8050.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8050", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8051.json b/2020/8xxx/CVE-2020-8051.json new file mode 100644 index 00000000000..4fccb960909 --- /dev/null +++ b/2020/8xxx/CVE-2020-8051.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8051", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8052.json b/2020/8xxx/CVE-2020-8052.json new file mode 100644 index 00000000000..6d6aa999909 --- /dev/null +++ b/2020/8xxx/CVE-2020-8052.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8052", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8053.json b/2020/8xxx/CVE-2020-8053.json new file mode 100644 index 00000000000..6e6cff450fa --- /dev/null +++ b/2020/8xxx/CVE-2020-8053.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8053", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8054.json b/2020/8xxx/CVE-2020-8054.json new file mode 100644 index 00000000000..b014765512d --- /dev/null +++ b/2020/8xxx/CVE-2020-8054.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8054", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8055.json b/2020/8xxx/CVE-2020-8055.json new file mode 100644 index 00000000000..4fec8a65ba7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8055.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8055", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8056.json b/2020/8xxx/CVE-2020-8056.json new file mode 100644 index 00000000000..cd41380c6f3 --- /dev/null +++ b/2020/8xxx/CVE-2020-8056.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8056", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8057.json b/2020/8xxx/CVE-2020-8057.json new file mode 100644 index 00000000000..7404bf6179b --- /dev/null +++ b/2020/8xxx/CVE-2020-8057.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8057", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8058.json b/2020/8xxx/CVE-2020-8058.json new file mode 100644 index 00000000000..256efbec61d --- /dev/null +++ b/2020/8xxx/CVE-2020-8058.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8058", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8059.json b/2020/8xxx/CVE-2020-8059.json new file mode 100644 index 00000000000..4373daf76ba --- /dev/null +++ b/2020/8xxx/CVE-2020-8059.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8059", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8060.json b/2020/8xxx/CVE-2020-8060.json new file mode 100644 index 00000000000..1b9497a5efe --- /dev/null +++ b/2020/8xxx/CVE-2020-8060.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8060", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8061.json b/2020/8xxx/CVE-2020-8061.json new file mode 100644 index 00000000000..9d409d28a93 --- /dev/null +++ b/2020/8xxx/CVE-2020-8061.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8061", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8062.json b/2020/8xxx/CVE-2020-8062.json new file mode 100644 index 00000000000..2508009246b --- /dev/null +++ b/2020/8xxx/CVE-2020-8062.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8062", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8063.json b/2020/8xxx/CVE-2020-8063.json new file mode 100644 index 00000000000..b4ae1ff0ec7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8063.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8063", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8064.json b/2020/8xxx/CVE-2020-8064.json new file mode 100644 index 00000000000..6e78c860cc8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8064.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8064", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8065.json b/2020/8xxx/CVE-2020-8065.json new file mode 100644 index 00000000000..c3d9f7a42d2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8065.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8065", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8066.json b/2020/8xxx/CVE-2020-8066.json new file mode 100644 index 00000000000..682186801c7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8066.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8066", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8067.json b/2020/8xxx/CVE-2020-8067.json new file mode 100644 index 00000000000..59e11ecd042 --- /dev/null +++ b/2020/8xxx/CVE-2020-8067.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8067", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8068.json b/2020/8xxx/CVE-2020-8068.json new file mode 100644 index 00000000000..7e96ff5dafb --- /dev/null +++ b/2020/8xxx/CVE-2020-8068.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8068", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8069.json b/2020/8xxx/CVE-2020-8069.json new file mode 100644 index 00000000000..4333c8c5015 --- /dev/null +++ b/2020/8xxx/CVE-2020-8069.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8069", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8070.json b/2020/8xxx/CVE-2020-8070.json new file mode 100644 index 00000000000..9a88f837d1f --- /dev/null +++ b/2020/8xxx/CVE-2020-8070.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8070", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8071.json b/2020/8xxx/CVE-2020-8071.json new file mode 100644 index 00000000000..ce24d44ad9a --- /dev/null +++ b/2020/8xxx/CVE-2020-8071.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8071", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8072.json b/2020/8xxx/CVE-2020-8072.json new file mode 100644 index 00000000000..7c9e5922f53 --- /dev/null +++ b/2020/8xxx/CVE-2020-8072.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8072", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8073.json b/2020/8xxx/CVE-2020-8073.json new file mode 100644 index 00000000000..5259af50d9f --- /dev/null +++ b/2020/8xxx/CVE-2020-8073.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8073", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8074.json b/2020/8xxx/CVE-2020-8074.json new file mode 100644 index 00000000000..f18a98912e0 --- /dev/null +++ b/2020/8xxx/CVE-2020-8074.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8074", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8075.json b/2020/8xxx/CVE-2020-8075.json new file mode 100644 index 00000000000..dfc4d01110d --- /dev/null +++ b/2020/8xxx/CVE-2020-8075.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8075", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8076.json b/2020/8xxx/CVE-2020-8076.json new file mode 100644 index 00000000000..39a9d71ceb1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8076.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8076", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8077.json b/2020/8xxx/CVE-2020-8077.json new file mode 100644 index 00000000000..668a5764e1e --- /dev/null +++ b/2020/8xxx/CVE-2020-8077.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8077", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8078.json b/2020/8xxx/CVE-2020-8078.json new file mode 100644 index 00000000000..e528cba3952 --- /dev/null +++ b/2020/8xxx/CVE-2020-8078.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8078", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8079.json b/2020/8xxx/CVE-2020-8079.json new file mode 100644 index 00000000000..ae49a868345 --- /dev/null +++ b/2020/8xxx/CVE-2020-8079.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8079", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8080.json b/2020/8xxx/CVE-2020-8080.json new file mode 100644 index 00000000000..c8a2fab6f7c --- /dev/null +++ b/2020/8xxx/CVE-2020-8080.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8080", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8081.json b/2020/8xxx/CVE-2020-8081.json new file mode 100644 index 00000000000..96f1a6f2d37 --- /dev/null +++ b/2020/8xxx/CVE-2020-8081.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8081", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8082.json b/2020/8xxx/CVE-2020-8082.json new file mode 100644 index 00000000000..c74f29c0570 --- /dev/null +++ b/2020/8xxx/CVE-2020-8082.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8082", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8083.json b/2020/8xxx/CVE-2020-8083.json new file mode 100644 index 00000000000..0d8ad88a474 --- /dev/null +++ b/2020/8xxx/CVE-2020-8083.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8083", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8084.json b/2020/8xxx/CVE-2020-8084.json new file mode 100644 index 00000000000..140e887f985 --- /dev/null +++ b/2020/8xxx/CVE-2020-8084.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8084", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8085.json b/2020/8xxx/CVE-2020-8085.json new file mode 100644 index 00000000000..c81c16cd946 --- /dev/null +++ b/2020/8xxx/CVE-2020-8085.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8085", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8086.json b/2020/8xxx/CVE-2020-8086.json new file mode 100644 index 00000000000..e31248d35e9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8086.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap/mod_auth_ldap.lua", + "refsource": "MISC", + "name": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap/mod_auth_ldap.lua" + }, + { + "url": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap2/mod_auth_ldap2.lua", + "refsource": "MISC", + "name": "https://hg.prosody.im/prosody-modules/log/tip/mod_auth_ldap2/mod_auth_ldap2.lua" + }, + { + "refsource": "CONFIRM", + "name": "https://prosody.im/security/advisory_20200128/", + "url": "https://prosody.im/security/advisory_20200128/" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8087.json b/2020/8xxx/CVE-2020-8087.json new file mode 100644 index 00000000000..345db46c596 --- /dev/null +++ b/2020/8xxx/CVE-2020-8087.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/smc-networks-remote-code-execution.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/smc-networks-remote-code-execution.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8088.json b/2020/8xxx/CVE-2020-8088.json new file mode 100644 index 00000000000..ace442c0f6c --- /dev/null +++ b/2020/8xxx/CVE-2020-8088.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://xavibel.com/2020/01/22/usebb-forum-php-type-juggling-vulnerability/", + "refsource": "MISC", + "name": "https://xavibel.com/2020/01/22/usebb-forum-php-type-juggling-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8089.json b/2020/8xxx/CVE-2020-8089.json new file mode 100644 index 00000000000..5c61d0bad93 --- /dev/null +++ b/2020/8xxx/CVE-2020-8089.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8089", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8090.json b/2020/8xxx/CVE-2020-8090.json new file mode 100644 index 00000000000..ab2b9d07d2d --- /dev/null +++ b/2020/8xxx/CVE-2020-8090.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://sku11army.blogspot.com/2020/01/a1-modem-wlan-box-adb-vv2220.html", + "refsource": "MISC", + "name": "https://sku11army.blogspot.com/2020/01/a1-modem-wlan-box-adb-vv2220.html" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8091.json b/2020/8xxx/CVE-2020-8091.json new file mode 100644 index 00000000000..3b6e6406e7d --- /dev/null +++ b/2020/8xxx/CVE-2020-8091.json @@ -0,0 +1,81 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8091", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://typo3.org/security/advisory/typo3-psa-2019-003/", + "refsource": "MISC", + "name": "https://typo3.org/security/advisory/typo3-psa-2019-003/" + }, + { + "refsource": "MISC", + "name": "https://www.purplemet.com/blog/typo3-xss-vulnerability", + "url": "https://www.purplemet.com/blog/typo3-xss-vulnerability" + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AC:H/AV:N/A:N/C:L/I:L/PR:N/S:U/UI:N", + "version": "3.0" + } + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8092.json b/2020/8xxx/CVE-2020-8092.json new file mode 100644 index 00000000000..f4d199a3962 --- /dev/null +++ b/2020/8xxx/CVE-2020-8092.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8092", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8093.json b/2020/8xxx/CVE-2020-8093.json new file mode 100644 index 00000000000..185f36ebbc9 --- /dev/null +++ b/2020/8xxx/CVE-2020-8093.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8093", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8094.json b/2020/8xxx/CVE-2020-8094.json new file mode 100644 index 00000000000..749745dd439 --- /dev/null +++ b/2020/8xxx/CVE-2020-8094.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8094", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8095.json b/2020/8xxx/CVE-2020-8095.json new file mode 100644 index 00000000000..742d60ca7a1 --- /dev/null +++ b/2020/8xxx/CVE-2020-8095.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8095", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8096.json b/2020/8xxx/CVE-2020-8096.json new file mode 100644 index 00000000000..a8df97b22cb --- /dev/null +++ b/2020/8xxx/CVE-2020-8096.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8096", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8097.json b/2020/8xxx/CVE-2020-8097.json new file mode 100644 index 00000000000..b3fabbd7f0b --- /dev/null +++ b/2020/8xxx/CVE-2020-8097.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8097", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8098.json b/2020/8xxx/CVE-2020-8098.json new file mode 100644 index 00000000000..f7480b2f95f --- /dev/null +++ b/2020/8xxx/CVE-2020-8098.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8098", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8099.json b/2020/8xxx/CVE-2020-8099.json new file mode 100644 index 00000000000..f1f652be8f6 --- /dev/null +++ b/2020/8xxx/CVE-2020-8099.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8099", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8100.json b/2020/8xxx/CVE-2020-8100.json new file mode 100644 index 00000000000..d26eb0305c8 --- /dev/null +++ b/2020/8xxx/CVE-2020-8100.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8100", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8101.json b/2020/8xxx/CVE-2020-8101.json new file mode 100644 index 00000000000..f6b05825b4d --- /dev/null +++ b/2020/8xxx/CVE-2020-8101.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8101", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8102.json b/2020/8xxx/CVE-2020-8102.json new file mode 100644 index 00000000000..801f60fa6af --- /dev/null +++ b/2020/8xxx/CVE-2020-8102.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8102", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8103.json b/2020/8xxx/CVE-2020-8103.json new file mode 100644 index 00000000000..4ace14f3223 --- /dev/null +++ b/2020/8xxx/CVE-2020-8103.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8103", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8104.json b/2020/8xxx/CVE-2020-8104.json new file mode 100644 index 00000000000..b511127e8cf --- /dev/null +++ b/2020/8xxx/CVE-2020-8104.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8104", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8105.json b/2020/8xxx/CVE-2020-8105.json new file mode 100644 index 00000000000..630dd5d2993 --- /dev/null +++ b/2020/8xxx/CVE-2020-8105.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8105", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8106.json b/2020/8xxx/CVE-2020-8106.json new file mode 100644 index 00000000000..9ebcc49c67a --- /dev/null +++ b/2020/8xxx/CVE-2020-8106.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8106", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8107.json b/2020/8xxx/CVE-2020-8107.json new file mode 100644 index 00000000000..6e7c438ce4e --- /dev/null +++ b/2020/8xxx/CVE-2020-8107.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8107", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8108.json b/2020/8xxx/CVE-2020-8108.json new file mode 100644 index 00000000000..20672a61fe2 --- /dev/null +++ b/2020/8xxx/CVE-2020-8108.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8108", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8109.json b/2020/8xxx/CVE-2020-8109.json new file mode 100644 index 00000000000..f14dbfe6382 --- /dev/null +++ b/2020/8xxx/CVE-2020-8109.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8109", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8110.json b/2020/8xxx/CVE-2020-8110.json new file mode 100644 index 00000000000..cfd1e9ad33b --- /dev/null +++ b/2020/8xxx/CVE-2020-8110.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8110", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8111.json b/2020/8xxx/CVE-2020-8111.json new file mode 100644 index 00000000000..2e18b4b1edf --- /dev/null +++ b/2020/8xxx/CVE-2020-8111.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8111", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8112.json b/2020/8xxx/CVE-2020-8112.json new file mode 100644 index 00000000000..4f9ed37e1ab --- /dev/null +++ b/2020/8xxx/CVE-2020-8112.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2020-8112", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/uclouvain/openjpeg/issues/1231", + "refsource": "MISC", + "name": "https://github.com/uclouvain/openjpeg/issues/1231" + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8113.json b/2020/8xxx/CVE-2020-8113.json new file mode 100644 index 00000000000..7cac61ace6f --- /dev/null +++ b/2020/8xxx/CVE-2020-8113.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8113", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2020/8xxx/CVE-2020-8114.json b/2020/8xxx/CVE-2020-8114.json new file mode 100644 index 00000000000..ecd3e6e2ff7 --- /dev/null +++ b/2020/8xxx/CVE-2020-8114.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-8114", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file